Bug#390514: [Pkg-cryptsetup-devel] Bug#390514: cryptsetup doesn't work with SSL encrypted keys

Stephan Seitz nur-ab-sal at gmx.de
Tue Oct 10 09:11:02 UTC 2006 

Hi!

First I want to apologize for using UTF-8 characters in my bug report. It 
seems not everyone can handle them yet, and a bug report should be 
readable by all.

On Thu, Oct 05, 2006 at 10:00:29AM +0200, David Härdeman wrote:
>On Sun, October 1, 2006 18:29, Stephan Seitz said:
>It should hopefully be able to do so if you use the option
>keyscript=/lib/cryptsetup/scripts/decrypt_ssl instead of just "ssl", more
>explanation below.

No, it doesn't work. I'm asked for the password of the key, and then 
nothing happens. Using ps I see that the process cryptsetup luksOpen is 
in sleeping state doing nothing. But does LUKS work with password form 
stdin? The old method is using keyfiles in /tmp IIRC.

>For now, I'd suggest you either: wait for the new release, help test the
>SVN version (once I've had time to do some more work on it), or use the
>keyscript option in /etc/crypttab instead of the "ssl" option.

Latter doesn't work while my patched version of the decrypt function is 
working. But I will help testing. Simply tell me when you have a test 
version ready.

>> 5. Now it works. The next step would be solving the problem how a 
>> normal user could use cryptsetup to activiate a encrypted partition or 
>> an encrypted removable device.
>I think Gnome already has support for mounting luks-encrypted removable
>storage (e.g. USB keys). The gnome-volume-manager changelog suggests its
>been available since the beginning of this year.

Yes, but I don't use Gnome or KDE. The loop-aes utils have a patched 
version of mount, so I can write everything in /etc/fstab without the 
need for other programs.

I have two new options for /etc/crypttab: user and noauto with the same 
meaning as in /etc/fstab. I have devices I don't want to activate at 
system start.

Shade and sweet water!

	Stephan

-- 
| Stephan Seitz                    E-Mail: Nur-Ab-Sal at gmx.de |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20061010/977b19c3/attachment.pgp

More information about the Pkg-cryptsetup-devel mailing list