Bug#390514: [Pkg-cryptsetup-devel] Bug#390514: cryptsetup doesn't work with SSL encrypted keys
Stephan Seitz
nur-ab-sal at gmx.de
Tue Oct 10 21:09:08 UTC 2006
On Tue, Oct 10, 2006 at 11:11:02AM +0200, Stephan Seitz wrote:
>No, it doesn't work. I'm asked for the password of the key, and then
>nothing happens. Using ps I see that the process cryptsetup luksOpen is
>in sleeping state doing nothing. But does LUKS work with password from
>stdin? The old method is using keyfiles in /tmp IIRC.
Okay, here is some more information.
do_luks() in /lib/cryptsetup/cryptdisks.functions expects that the script
defined with keyscript= gives the necessary key via standard out
($KEYSCRIPT $key <&1 | $CRYPTCMD $PARAMS luksOpen $src $dst) while the
script decrypt_ssl writes the encrypted key to a temporary file.
I tried to write the script decrypt_ssl in a way that it sends the key to
standard out but without success. You can't have echo output in the
script because it would be sent to the cryptsetup command, so you don't
get any hint that you have to enter the password. I tried it from the
command line with no success either. Maybe the reason is that the key is
a binary key (gen-ssl-key uses /dev/random without converting the result
to base64) and something gets lost in the pipe.
Shade and sweet water!
Stephan
--
| Stephan Seitz E-Mail: Nur-Ab-Sal at gmx.de |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |
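
An added example, not part of the original message or of the cryptsetup package: it checks what a consumer at the end of a pipe actually receives from three keyscript variants when the key is binary. The function names and the sample key are constructed for illustration, and `cat` stands in for the real decryption command.

```shell
#!/bin/sh
# Constructed sample key: 8 bytes with a NUL, a 0xFF byte and trailing newlines.
make_sample_key() { printf 'k\000e\377y1\n\n' > "$1"; }

# Checksum and byte count of whatever arrives on stdin.
digest() { cksum; }

# Prompt on stderr, key streamed straight to stdout.
# cat stands in for the real decryption command (assumption).
keyscript_stderr_prompt() {
    echo "Enter passphrase for $1:" >&2
    cat "$1"
}

# Prompt on stdout: the prompt text is read as the start of the key.
keyscript_stdout_prompt() {
    echo "Enter passphrase for $1:"
    cat "$1"
}

# Key held in a shell variable: command substitution cannot carry NUL
# bytes and strips trailing newlines, so the bytes change before the pipe.
keyscript_via_variable() {
    key=$(cat "$1")
    printf '%s' "$key"
}

# Returns 0 if the keyscript's stdout, read through a pipe, equals the file.
key_survives() {   # $1 = keyscript function name, $2 = key file
    [ "$("$1" "$2" 2>/dev/null | digest)" = "$(digest < "$2")" ]
}

keyfile=$(mktemp) && make_sample_key "$keyfile"
for ks in keyscript_stderr_prompt keyscript_stdout_prompt keyscript_via_variable; do
    if key_survives "$ks" "$keyfile"; then
        echo "$ks: key bytes intact"
    else
        echo "$ks: key bytes altered"
    fi
done
rm -f "$keyfile"
```

Only the first variant delivers the key file byte for byte; the prompt is still visible on the terminal because it goes to stderr rather than into the pipe.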