[pkg-cryptsetup-devel] anyone from the cryptsetup team attending debconf12?
LeJacq, Jean Pierre
jeanpierre.lejacq at quoininc.com
Tue Jul 10 18:26:06 UTC 2012
On Tuesday, July 10, 2012 03:34:22 jonas wrote:
> Am 09.07.2012 00:25, schrieb LeJacq, Jean Pierre:
> > I'd be interested in getting together at the conference to go over
> > some enhancements to the scripts to combine alternated authentication
> > with the key storage.
>
> I fear that nobody from the tremendous cryptsetup team attends
> Debconf12. Joking aside, the team consists of exactly two active
> developers, Jean-Louis Dupond and me.
>
> But feel free to discuss your questions and suggestions here on this
> list. You're also invited to join the team and/or prepare patches for
> the cryptsetup package.
Hi Jonas,
Thanks for your response.
I'm currently using a hacked version of cryptsetup that handles the use case
where there are multiple logical volumes (partitions, disk, ...) encrypted
separately with the same GnuPG encrypted LUKS keyfile.
I've been using a hacked version of the cryptsetup script's that combines
decrypt_keyctl and decrypt_gnupg. Essentially, I replace the the askpass call
with the decrypt_gnupg() function call.
I like to see if your team would be interested in the approach where we
abstract the passphrase capture functionality to support a number of methods,
including askpass and decrypt_gnupg(). The change would have to include:
1. Modification of decrypt_keyctl to support alternate passphrase capture.
2. Change in syntax of /etc/crypttab entries.
3. Change in the initramfs scripts to understand what needs to be installed.
If you are open to this idea, I'd like to submit a patch for your review.
--
JP
m: +1 609 468 6172
More information about the pkg-cryptsetup-devel
mailing list