Bug#390514: [Pkg-cryptsetup-devel] Bug#390514: cryptsetup doesn't work with SSL encrypted keys
David Härdeman
david at hardeman.nu
Tue Oct 10 21:53:35 UTC 2006
On Tue, Oct 10, 2006 at 11:09:08PM +0200, Stephan Seitz wrote:
>On Tue, Oct 10, 2006 at 11:11:02AM +0200, Stephan Seitz wrote:
>>No, it doesn't work. I'm asked for the password of the key, and then
>>nothing happens. Using ps I see that the process cryptsetup luksOpen is
>>in sleeping state doing nothing. But does LUKS work with password from
>>stdin? The old method is using keyfiles in /tmp IIRC.
>
>Okay, here is some more information.
>do_luks() in /lib/cryptsetup/cryptdisks.functions expects that the script
>defined with keyscript= gives the necessary key via standard out
>($KEYSCRIPT $key <&1 | $CRYPTCMD $PARAMS luksOpen $src $dst) while the
>script decrypt_ssl writes the encrypted key to a temporary file.
>
>I tried to write the script decrypt_ssl in a way that it sends the key to
>standard out but without success. You can't have echo output in the
>script because it would be sent to the cryptsetup command, so you don't
>get any hint that you have to enter the password. I tried it from the
>command line with no success either. Maybe the reason is that the key is
>a binary key (gen-ssl-key uses /dev/random without converting the result
>to base64) and something gets lost in the pipe.

You seem to be working with the source of the latest package
version...this is not a good idea since the scripts have seen a lot of
changes already in SVN. So please take a look at the svn sources if you
want to help out.

PS.
To answer your output problem:
Output which should be visible to the user but not to stdout should
normally be written to /dev/console or /dev/tty

--
David Härdeman
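
An added example, not code from the cryptsetup package or from either poster: a sketch of a keyscript that follows the advice above, writing the prompt to /dev/tty and only the decrypted key bytes to stdout. It assumes the key file was encrypted with `openssl enc -aes-256-cbc -salt -pbkdf2`; `emit_key`, `PROMPT_OUT` and `PASS_IN` are hypothetical names, the latter two existing only so the function can be exercised without a terminal.

```shell
#!/bin/sh
# Hypothetical keyscript sketch (added example, not the packaged decrypt_ssl).
# Assumption: the key file was produced with
#   openssl enc -aes-256-cbc -salt -pbkdf2 -in key.bin -out key.enc

emit_key() {
    keyfile=$1
    prompt_out=${PROMPT_OUT:-/dev/tty}   # where user-visible text goes
    pass_in=${PASS_IN:-/dev/tty}         # where the passphrase is read from

    # The prompt goes to the terminal, never to stdout: stdout is the
    # pipe into cryptsetup and must carry key bytes only.
    printf 'Enter passphrase for %s: ' "$keyfile" >>"$prompt_out"

    # Read the passphrase with echo off. stty fails harmlessly when
    # pass_in is not a terminal.
    stty -echo <"$pass_in" 2>/dev/null || true
    IFS= read -r pass <"$pass_in"
    stty echo <"$pass_in" 2>/dev/null || true
    printf '\n' >>"$prompt_out"

    # Hand the passphrase to openssl on its stdin rather than in argv,
    # so it is not visible in the process list. The decrypted key is
    # streamed straight to stdout: it is never stored in a shell
    # variable, which would drop NUL bytes and trailing newlines of a
    # binary key. No temporary file is created either.
    printf '%s\n' "$pass" |
        openssl enc -d -aes-256-cbc -pbkdf2 -pass stdin -in "$keyfile"
    status=$?

    unset pass
    return "$status"
}

# The key= value is passed as the first argument, as in
# "$KEYSCRIPT $key | $CRYPTCMD ... luksOpen" quoted above.
if [ "$#" -ge 1 ]; then
    emit_key "$1"
fi
```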