[pkg-cryptsetup-devel] anyone from the cryptsetup team attending debconf12?

LeJacq, Jean Pierre jeanpierre.lejacq at quoininc.com
Tue Jul 10 18:26:06 UTC 2012


On Tuesday, July 10, 2012 03:34:22 jonas wrote:
> Am 09.07.2012 00:25, schrieb LeJacq, Jean Pierre:
> > I'd be interested in getting together at the conference to go over
> > some enhancements to the scripts to combine alternated authentication
> > with the key storage.
> 
> I fear that nobody from the tremendous cryptsetup team attends
> Debconf12. Joking aside, the team consists of exactly two active
> developers, Jean-Louis Dupond and me.
> 
> But feel free to discuss your questions and suggestions here on this
> list. You're also invited to join the team and/or prepare patches for
> the cryptsetup package.

Hi Jonas,

Thanks for your response.

I'm currently using a hacked version of cryptsetup that handles the use case 
where there are multiple logical volumes (partitions, disk, ...) encrypted 
separately with the same GnuPG encrypted LUKS keyfile.

I've been using a hacked version of the cryptsetup scripts that combines 
decrypt_keyctl and decrypt_gnupg. Essentially, I replace the askpass call 
with the decrypt_gnupg() function call.

I'd like to see if your team would be interested in the approach where we 
abstract the passphrase capture functionality to support a number of methods, 
including askpass and decrypt_gnupg(). The change would have to include:

1. Modification of decrypt_keyctl to support alternate passphrase capture.
2. Change in syntax of /etc/crypttab entries.
3. Change in the initramfs scripts to understand what needs to be installed.

If you are open to this idea, I'd like to submit a patch for your review.

-- 
JP

m: +1 609 468 6172


