It would be awesome if it was possible to make the containers even more secure by making it possible to add a GPG key to the container, so it only would be possible to mount them if the right GPG key is presented.
This would be a major new feature which, however, needs further discussion.
There are at least two possibilities for an implementation of this feature:
1. Store the GPG encrypted master key to the container in a small separate file.
2. Store the GPG encrypted master key somewhere in the header of the container.
The first possibility would be just an addition to the password which would open the container as well.
In the second possibility the GPG encrypted master key would replace the encryption by the password. A separate key file isn't needed but there are two disadvantages:
a) An encrypted GPG packet has some structure (tag, length bytes, key ID) which would make the container distinguishable from a random file.
b) The replacement in the header would break the Scramdisk or TrueCrypt container format and thus interoperability with these programs would be relinquished.
Logged In: YES
user_id=1281148
Originator: NO
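Disadvantage a) from the comment, shown as an added example that is not part of the original thread or the project's code: a short check that recognizes the tag, length bytes and key ID of an OpenPGP public-key encrypted session key packet (framing per RFC 4880) at the start of a buffer. The function names, the key ID and both sample buffers are constructed for illustration.

```python
import struct

PKESK_TAG = 1                       # Public-Key Encrypted Session Key packet (RFC 4880, 5.1)
PUBKEY_ALGOS = {1: "RSA", 2: "RSA-E", 16: "Elgamal", 18: "ECDH"}

def parse_header(buf):
    """Return (tag, body_offset, body_len) for the packet at buf[0], or None."""
    if len(buf) < 2 or not buf[0] & 0x80:        # bit 7 is always set in a packet tag
        return None
    if buf[0] & 0x40:                            # new format: tag in bits 5-0
        tag, first = buf[0] & 0x3F, buf[1]
        if first < 192:
            return tag, 2, first
        if first < 224 and len(buf) >= 3:
            return tag, 3, ((first - 192) << 8) + buf[2] + 192
        if first == 255 and len(buf) >= 6:
            return tag, 6, struct.unpack(">I", buf[2:6])[0]
        return None                              # partial body lengths not handled
    tag, ltype = (buf[0] >> 2) & 0x0F, buf[0] & 0x03
    size = {0: 1, 1: 2, 2: 4}.get(ltype)         # old format: length type 3 is indeterminate
    if size is None or len(buf) < 1 + size:
        return None
    return tag, 1 + size, int.from_bytes(buf[1:1 + size], "big")

def find_pkesk(buf):
    """Describe a version 3 PKESK packet at the start of buf, or return None."""
    hdr = parse_header(buf)
    if hdr is None or hdr[0] != PKESK_TAG:
        return None
    _, off, length = hdr
    body = buf[off:off + length]
    if length < 10 or len(body) < 10 or body[0] != 3 or body[9] not in PUBKEY_ALGOS:
        return None
    return {"key_id": body[1:9].hex().upper(), "algo": PUBKEY_ALGOS[body[9]], "body_len": length}

# Constructed sample: old-format header (0x85 = tag 1, two-byte length), version 3,
# a made-up key ID, algorithm 1 (RSA), then filler standing in for the encrypted MPI.
SAMPLE_BODY = b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01" + b"\x00" * 258
SAMPLE_HEADER = b"\x85" + struct.pack(">H", len(SAMPLE_BODY)) + SAMPLE_BODY
# Constructed stand-in for a header that is uniformly random ciphertext.
OPAQUE_HEADER = bytes.fromhex("3a91c4e07b5d22f8a6134c9e0fd1b87a")

if __name__ == "__main__":
    print(find_pkesk(SAMPLE_HEADER))
    print(find_pkesk(OPAQUE_HEADER))
```

The key ID is readable without any secret, so a header carrying such a packet identifies both the file type and the intended recipient's key.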