Subject: Re: cgd and 2-factor keys
To: Jan Danielsson <jan.danielsson@gmail.com>
From: Daniel Carosone <dan@geek.com.au>
List: tech-security
Date: 04/09/2006 09:22:56

On Sat, Apr 08, 2006 at 09:15:37PM +0200, Jan Danielsson wrote:

> Could someone explain how to create a 2-factor key for use with cgd?
>
> I want to create an encrypted volume that requires two keys to access.

A very quick answer, sorry, hopefully I or others can add more detail
in later followups:

The params file can contain multiple key generation methods, one after
the other, in which case the keys generated by each are xor'd together
to produce the final result.  This is used, for example, with -G to
produce two params files with different passphrases to produce the one
final key.

Depending on what you consider as 'factors', a 2-factor method can be
built with two passphrases, or by keeping the params file (including
static key) separate from the disk, say on a usb token, or externally
using some other solution and the -s argument to cgdconfig to inject
the final key from whatever other storage and retrieval mechanism
suits your needs.

--
Dan.
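
The XOR combination described in the message above, as an added Python
example that is not part of the original post and is not cgdconfig's own
code. Assumptions: PBKDF2-HMAC-SHA1 stands in for a passphrase keygen
method, the salts, iteration count, key length and function names are
constructed, and the second passphrase reaches the same final key through
a compensating stored component.

```python
import hashlib

KEYLEN = 32  # bytes (a 256-bit volume key); constructed for this example

def passphrase_key(passphrase, salt, iterations=20000):
    """One passphrase-based keygen method, modelled with PBKDF2-HMAC-SHA1."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, iterations, KEYLEN)

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("key components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def final_key(components):
    """XOR every component together, in order, to get the volume key."""
    key = bytes(KEYLEN)
    for part in components:
        key = xor_bytes(key, part)
    return key

def stored_part_for(target_key, passphrase, salt):
    """Stored component that makes a different passphrase reach target_key."""
    return xor_bytes(target_key, passphrase_key(passphrase, salt))

# Constructed sample values, not taken from any real params file.
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
TOKEN_KEY = hashlib.sha256(b"constructed stand-in for a random stored key").digest()

def demo():
    # Factor 1: a passphrase. Factor 2: a stored key kept off the disk.
    volume_key = final_key([passphrase_key("first passphrase", SALT_A), TOKEN_KEY])
    # Either factor on its own does not yield the volume key.
    only_pass = final_key([passphrase_key("first passphrase", SALT_A)])
    only_token = final_key([TOKEN_KEY])
    # Second parameter set: new passphrase plus a compensating stored part.
    part_b = stored_part_for(volume_key, "second passphrase", SALT_B)
    via_b = final_key([passphrase_key("second passphrase", SALT_B), part_b])
    wrong = final_key([passphrase_key("wrong passphrase", SALT_B), part_b])
    return {"volume_key": volume_key, "only_pass": only_pass,
            "only_token": only_token, "via_b": via_b, "wrong": wrong}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} {value.hex()}")
```

The compensating stored part reveals nothing about the volume key without
its passphrase, but combined with that passphrase it is sufficient, so it
needs the same handling as any other params file.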