Bug#370302: [Pkg-cryptsetup-devel] Bug#370302: a better
recommendation for cryptdisks.functions
David Härdeman
david at 2gen.com
Sun Jun 4 20:27:29 UTC 2006
On Sun, Jun 04, 2006 at 09:38:28PM +0200, Jonas Meurer wrote:
>> 1) separate the init-script and the decrypt-scripts so that anybody can
>> write his own decrypt-script without modifying the init-script. The
>> decrypted key must be in "/tmp/cryptdisk.key" where it will be removed
>> after adding a crypted disk.
>
>Good idea, I will implement it soon.

Writing a key to /tmp might not be a good idea since it could be
recoverable later.

Why not change the semantics of /etc/crypttab so that the third column
(keyfile) is interpreted as a script if the file exists and has the
executable bit set? If so, the script is executed and its stdout is
piped to cryptsetup via stdin.

Sounds ok?

//David
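
The crypttab rule proposed in this message, sketched as an added example (not code from the cryptsetup package or from this thread). The names key_source, safe_script, unlock and the CRYPTSETUP override are hypothetical, luksOpen assumes a LUKS device, and the write-permission check is an extra assumption the mail does not mention.

```shell
#!/bin/sh
# Added example: not the Debian cryptsetup package's code.
# CRYPTSETUP is overridable so the logic can be exercised with a stub.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}

# Classify the third crypttab column (keyfile) as proposed in the mail.
key_source() {
    case $1 in
        ''|none) echo prompt; return 0 ;;
    esac
    if [ -f "$1" ] && [ -x "$1" ]; then
        echo script            # exists and has the executable bit set
    elif [ -f "$1" ] && [ -r "$1" ]; then
        echo file              # ordinary key file
    else
        echo missing
    fi
}

# Assumption (not in the mail): a key script runs as root at boot, so
# refuse one that group or others could modify.
safe_script() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# unlock NAME DEVICE KEYFILE: open one crypttab entry.
unlock() {
    name=$1 device=$2 keyfile=$3
    case $(key_source "$keyfile") in
        script)
            safe_script "$keyfile" || { echo "$keyfile: writable by non-owner" >&2; return 1; }
            # Key travels through a pipe only; nothing is written to /tmp.
            "$keyfile" | $CRYPTSETUP --key-file=- luksOpen "$device" "$name"
            ;;
        file)
            $CRYPTSETUP --key-file="$keyfile" luksOpen "$device" "$name"
            ;;
        prompt)
            $CRYPTSETUP luksOpen "$device" "$name"
            ;;
        *)
            echo "$keyfile: key file not found" >&2
            return 1
            ;;
    esac
}
```

Under this rule an existing key file that happens to have the executable bit set is run rather than read, and in plain POSIX sh the pipeline's exit status is cryptsetup's, so a failing script shows up as a rejected key.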