[Pkg-cryptsetup-devel] [calestyo at scientia.net: Additions to cryptsetup]

Jonas Meurer jonas at freesources.org
Fri Jun 6 08:17:45 UTC 2008


----- Forwarded message from Christoph Anton Mitterer <calestyo at scientia.net> -----

Date: Fri, 30 May 2008 22:04:17 +0200
From: Christoph Anton Mitterer <calestyo at scientia.net>
Subject: Additions to cryptsetup
To: mejo at debian.org

Hi Jonas.

I've attached a script that can be used to dump the LUKS header of a
given partition (which contains the encrypted master keys).
Could you please add it to the package? License is whatever you want,...
GPL3, 2, BSD.

Have you had any time to add gnupg support for the initramfs?
You remember the ideas we've talked about?

Best wishes,
Chris.





----- End forwarded message -----
-------------- next part --------------
#!/bin/sh

#dump_luks_header
#Christoph Anton Mitterer <calestyo at scientia.net>
#
#
#This script dumps the LUKS partition header.
#
#Note that dumping the LUKS partition header may have security related issues.
#Dumping the header and storing it at different locations (this could even
#happen automatically via the OS or the filesystem) makes it nearly impossible
#to track those copies and thus prevent an effective revocation of keys (from
#the key slots).




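deviceFile=$1

#a device (or image file) must be given as the first argument
if test -z "$deviceFile" ; then
	echo "Usage: $0 <device>" 1>&2
	exit 1
fi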


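#check if cryptsetup supports LUKS and if the device has a LUKS partition header
cryptsetup isLuks "$deviceFile" 2> /dev/null
tmp=$?
if test $tmp -eq 1 ; then
	echo "Unsupported version of cryptsetup." 1>&2
	exit 1
elif test $tmp -eq 234 ; then
	echo "$deviceFile has no LUKS partition header." 1>&2
	exit 1
elif test $tmp -ne 0 ; then
	#any other failure: do not go on and dump from an unverified device
	echo "cryptsetup isLuks failed for $deviceFile (exit status $tmp)." 1>&2
	exit 1
fi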


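#determine the size of the header (cryptsetup reports the payload offset in
#512-byte sectors)
payloadOffset=$( cryptsetup luksDump "$deviceFile" | sed -n -e "s/^Payload offset:[[:space:]]*//p" )
if test -z "$payloadOffset" ; then
	echo "Could not determine the payload offset of $deviceFile." 1>&2
	exit 1
fi


#dump the header to stdout; the count is in sectors, so the block size is 512
dd if="$deviceFile" count="$payloadOffset" bs=512 #2> /dev/null
tmp=$?
if test $tmp -ne 0 ; then
	exit 1
fi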

exit 0
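
Because the script sizes the dump from the payload offset, a finished dump can be checked by reading that field straight from the header. The following is an added example, not part of the original message or of the cryptsetup package. It assumes the LUKS1 on-disk layout (payload offset as a big-endian 32-bit sector count at byte 104, eight 48-byte key slots from byte 208); the function names are hypothetical and the sample header is constructed.

```shell
#!/bin/sh
# Added example: sanity-check a LUKS1 header dump (LUKS2 headers are rejected).
# Offsets follow the LUKS1 on-disk format; all function names are hypothetical.

# hex_at FILE OFFSET LENGTH -> lowercase hex of those bytes, no separators
hex_at() { od -An -v -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'; }

# be32_at FILE OFFSET -> decimal value of a big-endian uint32, fails if short
be32_at() {
	h=$(hex_at "$1" "$2" 4)
	[ ${#h} -eq 8 ] || return 1
	echo $((0x$h))
}

# active_slots FILE -> space-separated numbers of the enabled key slots (0-7)
active_slots() {
	out=""
	for i in 0 1 2 3 4 5 6 7; do
		# the first field of each 48-byte slot is its state; 0x00AC71F3 = enabled
		if [ "$(hex_at "$1" $((208 + 48 * i)) 4)" = "00ac71f3" ]; then out="$out $i"; fi
	done
	echo "${out# }"
}

# check_dump FILE -> 0 complete, 1 not a LUKS1 header, 2 size mismatch
check_dump() {
	[ "$(hex_at "$1" 0 8)" = "4c554b53babe0001" ] || return 1   # magic + version 1
	sectors=$(be32_at "$1" 104) || return 1   # payload offset in 512-byte sectors
	size=$(( $(wc -c < "$1") ))
	[ "$size" -eq $((sectors * 512)) ] || return 2
}

# make_sample FILE NSECTORS: constructed header-shaped file (payload offset 8
# sectors, key slot 0 enabled); not taken from a real volume
make_sample() {
	dd if=/dev/zero of="$1" bs=512 count="$2" 2>/dev/null
	printf 'LUKS\272\276\000\001' | dd of="$1" conv=notrunc 2>/dev/null
	printf '\000\000\000\010' | dd of="$1" bs=1 seek=104 conv=notrunc 2>/dev/null
	printf '\000\254\161\363' | dd of="$1" bs=1 seek=208 conv=notrunc 2>/dev/null
}

# demo on the constructed sample
f=$(mktemp)
make_sample "$f" 8
check_dump "$f" && echo "dump complete, enabled key slots: $(active_slots "$f")"
rm -f "$f"
```

A status of 2 from check_dump means the file size does not equal the payload offset times 512, which is what a dump taken in bytes instead of sectors looks like.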

