[Pkg-cryptsetup-devel] Re: batch mode?

[Jonas Meurer]

On 02/02/2006 gebi at sbox.tugraz.at wrote:
> Quoting Jonas Meurer <jonas at freesources.org>:
> 
> >ah, but there is still no possibility to give the password as
> >command-line argument or via stdin?
> 
> command-line shouldn't be implemented imho, because of security concerns.
> stdin should allready be possible via /proc/self/fd/ ;).

i agree with you, only it would be useful for providing a timeout
function in cryptdisks. but when the patch for cryptsetup is accepted by
clemens, that is quite a better solution.

> >looks good, but the main advantage is mount/umount support, correct?
> 
> not only that, but also seamless file system image support ;) (no  
> losetup things anymore for formatting cryptofilesystems in files).

ok, so either we should improve luksformat to support fs images, or
grml-crypt needs to be restricted to exactly that. i don't know what you
think, but i gues that luksformat is a cleaner implementation.

> >i don't believe that we need yet another script to provide such
> >functionality. The cryptdisks initscript already has support for
> >automatically configuring encrypted devices, and hopefully mount support
> >for dm-crypt will be added soon.
> 
> cryptdisks init script is for more static usage scenarios...
> grml-crypt/luksformat is more for dynamic scenarios.
> 
> >do you think that grml-crypt is useful in debian?
> 
> sorry you are right :(.
> it's only a temporary fix for the other tools (there are also  
> lukstools, which are something similar to my grml-crypt but in c).

yes, it's a workaround. i'dd prefer a clean implementation, best would
be to have dm-crypt support in mount ;-)
nevertheless grml-crypt is a handy script, and i believe that it's very
useful for your grml distribution.

...
 jonas