peris wrote:It seems that you use a passphrase to protect the real AES encrypton/decryption key in stead of allowing the user to select to input the real key directly (probably protected by a asymmetric algorithm).
Is that correct?
If that is the case the strenght of the mechanism (for confidentialiy) is much much lower than it should be and below what you can create with freeNAS-type of distributions if you know what you are doing. One problem is that the asymmetric passphrase-unlock mechanism is weaker than the symmetric AES algorithm (weakest link in the chain decides the strenght of the chain). But the big problem in this approach is that you might for example have added a separate backdoor passphrase that your tech support can use to unlock customer disks if we forget the passphrase. I do understand the need for such a mode of operation, but please understand that backdoors (if present) always leak (and for people that actually are interested in using encryption there is no way we can trust a implementation that allows for back-doors).
No, there's no such back door you mentioned.
So, what I'd like to see is an "high security (confidentiality)" option (checkbox in GUI) to input the AES256 key myself (from the keyboard, or by temporary inserting an USB drive with the key in a file) the few times I do need to restart/upgrade (users of higher end models use UPS to protect from power failures). Should be really easy to implment (mostly just sidestepping the passphrase part thus avoiding weaking the mechanism).
Is this available or (when) will this be available?
Yes, we are now considering adding this option for users to input their own AES256 key themselves. Details will be anounced once they are available.
See my other replies for your other concerns regarding to the disk encryption feature.