i'm obviously missing something here.
could you explain why it is a bad idea to have two files, the key and salt, which
would be used to initially mount the regular file, then securely deleted from the
host and only re-introduced to the host when decryption/remounting is required.
and also, for us luddites, how do you read the password on stdin.
in great expectations,
the whole point of requiring you to type in the password is to require
you to type in the password. if that's not possible, just use expect.
it is a bad idea to put the password on disk. i mean, come on. in
what scenario are you capable of "securely" installing and deleting a
vi vnconfig.c and go from there.