[Pkg-cryptsetup-devel] [calestyo at scientia.net: Additions to cryptsetup]
Jonas Meurer
jonas at freesources.org
Fri Jun 6 08:17:45 UTC 2008
----- Forwarded message from Christoph Anton Mitterer <calestyo at scientia.net> -----
Date: Fri, 30 May 2008 22:04:17 +0200
From: Christoph Anton Mitterer <calestyo at scientia.net>
Subject: Additions to cryptsetup
To: mejo at debian.org
Hi Jonas.
I've attached a script that can be used to dump the luks header of a
given partition (which contains the encrypted master keys).
Could you please add it to the package? License is whatever you want,...
GPL3, 2, BSD.
Have you had any time to add gnupg support for the initramfs?
You remember the ideas we've talked about?
Best wishes,
Chris.
----- End forwarded message -----
-------------- next part --------------
#!/bin/sh
#dump_luks_header
#Christoph Anton Mitterer <calestyo at scientia.net>
#
#
#This script dumps the LUKS partition header.
#
#Note that dumping the LUKS partition header may have security related issues.
#Dumping the header and storing it at different locations (this could even
#happen automatically via the OS or the filesystem) makes it nearly impossible
#to track those copies and thus prevent an effective revocation of keys (from
#the key slots).
deviceFile=$1
#check if cryptsetup supports LUKS and if the device has a LUKS partition header
cryptsetup isLuks $deviceFile 2> /dev/null
tmp=$?
if test $tmp -eq 1 ; then
echo "Unsupported version of cryptsetup." 1>&2
exit 1
elif test $tmp -eq 234 ; then
echo "$1 has no LUKS partition header." 1>&2
exit 1
fi
#dertermine the size of the header
payloadOffset=$( cryptsetup luksDump $deviceFile | grep "Payload offset" | sed -e "s/Payload offset:\t//" )
#dump the header to stdout
dd if=$deviceFile count=$payloadOffset bs=1 #2> /dev/null
tmp=$?
if test $tmp -ne 0 ; then
exit 1
fi
exit 0
More information about the Pkg-cryptsetup-devel
mailing list