Bug#370302: [Pkg-cryptsetup-devel] Bug#370302: a better recommendation for cryptdisks.functions

Jonas Meurer jonas at freesources.org
Mon Jun 5 20:23:51 UTC 2006


On 04/06/2006 David Härdeman wrote:
> On Sun, Jun 04, 2006 at 09:38:28PM +0200, Jonas Meurer wrote:
> >>1) separate the init-script and the decrypt-scripts so that anybody can
> >>   write his own decrypt-script without modifying the init-script. The
> >>   decrypted key must be in "/tmp/cryptdisk.key" where it will be removed
> >>   after adding a crypted disk.
> >
> >good idea, i will implement it soon.
> 
> Writing a key to /tmp might not be a good idea since it could be 
> recoverable later.

yes, better pipe it through stdin.

> Why not change the semantics of /etc/crypttab so that the third column 
> (keyfile) is interpreted as a script if the file exists and has the 
> executable bit set. If so, the script is executed and its stdout is 
> piped to cryptsetup via stdin.
> 
> Sounds ok?

yes, sounds like a nice feature, but i'm not sure whether implementing
more non-obvious features is good.
and adding one more option for the options field in /etc/crypttab is more
obvious than extending the usage of the keyfile field.
also, the keyfile still needs to be passed to the script, otherwise you
need a separate script for every encrypted disk.

...
 jonas
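As an added example (not code from the cryptsetup package or from anyone in this thread), a small sh sketch of the two proposals above: the key material is produced on stdout and piped into cryptsetup, which reads a key from stdin when given --key-file=-, so nothing is ever written to /tmp. The option name keyscript= and the CRYPTSETUP override are assumptions made for this example.

```shell
#!/bin/sh
# Added example; models how a crypttab line "name device keyfile options"
# could hand its key to cryptsetup over a pipe instead of a temp file.
#   - David's variant: if the keyfile itself is executable, run it as a
#     script and use its stdout as the key (the script gets no argument).
#   - Jonas' variant: an options entry keyscript=PATH (name assumed here)
#     runs PATH with the keyfile as argument, so one script serves many disks.
#   - otherwise the keyfile is read as-is.

# key_material KEYFILE OPTIONS -> key material on stdout
key_material() {
    keyfile=$1
    # pick keyscript=PATH out of the comma separated options field
    keyscript=$(printf '%s' "$2" | tr ',' '\n' | sed -n 's/^keyscript=//p' | head -n 1)
    if [ -n "$keyscript" ]; then
        "$keyscript" "$keyfile"      # script decides how to derive the key
    elif [ -x "$keyfile" ]; then
        "$keyfile"                   # executable keyfile is the script itself
    else
        cat -- "$keyfile"            # plain key file, read directly
    fi
}

# unlock_line "name device keyfile options": key goes over stdin, never via
# /tmp. CRYPTSETUP may be overridden (e.g. to test without root); "none" in
# the keyfile column keeps the usual meaning of letting cryptsetup prompt.
unlock_line() {
    set -- $1
    name=$1 device=$2 keyfile=$3 options=$4
    if [ "$keyfile" = none ]; then
        ${CRYPTSETUP:-cryptsetup} luksOpen "$device" "$name"
    else
        key_material "$keyfile" "$options" |
            ${CRYPTSETUP:-cryptsetup} --key-file=- luksOpen "$device" "$name"
    fi
}

# usage (constructed line): unlock_line "sda2_crypt /dev/sda2 /etc/keys/sda2.key luks"
```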
