[pkg-cryptsetup-devel] Bug#903163: Adding OpenPGP smartcard support to LUKS
Peter Lebbing
peter at digitalbrains.com
Thu Nov 8 11:14:39 GMT 2018
On 08/11/2018 02:07, Guilhem Moulin wrote:
> However that doesn't happen currently because I'm really worried about
> copying real private key material to the initramfs along with the stubs;
> GnuPG upstream was asked about a documented API to retrieve the stubs
> but hasn't answered yet AFAIK. I'm not sure if the implementation
> currently found in our branch would choke if the wrong smartcard is
> inserted: I wasn't able to test this as I have only one token :-)

I have an idea on how to do this all more elegantly, but I haven't found
the time to work it out yet. Please don't block on this when the current
solution works for single reader, single smartcard cases. I don't know
when I'll find the time, but I'll try something out and submit it as a
patch.

I can test with multiple test readers and cards and intend to do so.

(For someone wondering: why do we need support for multiple card
readers? Consider the situation where a laptop has a built-in smartcard
reader but the user wishes to use a GnuK, which is a removable USB
device, to unlock his partition instead. This user cannot remove the
built-in smartcard reader.)

Cheers,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>