[pkg-cryptsetup-devel] cryptsetup: Please save password to kernel keyring

Laurent Bigonville bigon at debian.org
Fri Apr 13 17:01:27 BST 2018

On Mon, 09 Jan 2017 23:58:11 +0100 Laurent Bigonville <bigon at debian.org> 

 > Hi,
 > Since gdm 3.22, there is a new pam module that unlock the gnome-keyring
 > using the keyring using the password of the luks partition.
 > The idea is that on a single user laptop, the user uses the same
 > password for his encrypted root and user in addition to autologin.
 > Tje pam module read the kernel keyring to find that password with the
 > followin code:
 > serial = find_key_by_type_and_desc ("user", "cryptsetup", 0);
 > if (serial == 0)
 > r = keyctl_read_alloc (serial, &cached_password);
 > So it would be nice if cryptsetup could store that password in the
 > keyring after opening successfully the main luks partition.
 > Regards,

OK, what could be done for this?

I guess that askpass could store the password in the keyring if a flag 
is passed to it asking for it?

Would that be a viable solution?

The difficult part would be to detect a wrong password and not store it 
I guess?

More information about the pkg-cryptsetup-devel mailing list