
Re: Feitian PKI donation to dm-crypt project



On 11/03/2010 11:34 PM, Arno Wagner wrote:

> The only interface for integrating external keys is by
> reading them from file or stdin and that is by design
> to keep things simple.

I am maintaining it with the basic idea that libcryptsetup/cryptsetup
is a simple tool to configure encrypted partitions using kernel crypto.
Nothing more, nothing less.

The new API in libcryptsetup provides two trivial interfaces to get
a passphrase or key - a directly provided buffer (owned by the application)
or a keyfile.

For compatibility reasons it falls back to reading from
terminal/stdin, but the focus is to move passphrase reading
into the application's responsibility.

IOW if anyone wants to handle LUKS mapping in a program
(imagine e.g. systemd - issue of these days) it can use
libcryptsetup and handle a safe password reading dialog
in the application.

(Using stdin in cryptsetup in scripts is problematic - you cannot
control and wipe all buffers. But this option will always be there.
I mean constructions like echo "password" | cryptsetup luksOpen ...)

Handling of various tokens and cards is always a wrapper around
cryptsetup - (either scripts or binaries linked to libcryptsetup).

Maybe one day these scripts will be part of upstream tarball,
currently it is up to the distribution to add them.

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
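
An added example (not part of the message above and not cryptsetup code) of the split it describes: the application reads the passphrase into a buffer it owns, hands that buffer to libcryptsetup, and wipes it afterwards. `with_passphrase`, `pass_buf`, `struct target` and `unlock` are hypothetical names; only the `crypt_*` calls are libcryptsetup API, and without `-DHAVE_LIBCRYPTSETUP` a stand-in callback replaces them.

```c
/* Added example, not cryptsetup source; only the crypt_* calls are libcryptsetup API. */
#include <stddef.h>
#include <termios.h>
#include <unistd.h>
#ifdef HAVE_LIBCRYPTSETUP          /* cc -DHAVE_LIBCRYPTSETUP example.c -lcryptsetup */
#include <libcryptsetup.h>
#endif

typedef int (*pass_user)(const char *pass, size_t len, void *ctx);
static char pass_buf[512];         /* the only copy, owned by the application */

static void wipe(void *p, size_t n) {   /* volatile keeps the wipe from being elided */
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Read one line from fd (echo off if it is a terminal), pass it on, then wipe it. */
int with_passphrase(int fd, pass_user use, void *ctx) {
    struct termios old, noecho;
    int tty = isatty(fd) && tcgetattr(fd, &old) == 0, rc = -1;
    size_t len = 0;
    char c = 0;
    if (tty) { noecho = old; noecho.c_lflag &= ~(tcflag_t)ECHO; tcsetattr(fd, TCSAFLUSH, &noecho); }
    /* read(2) byte by byte: no stdio buffer, nothing consumed past the newline */
    while (len < sizeof pass_buf - 1 && read(fd, &c, 1) == 1 && c != '\n')
        pass_buf[len++] = c;
    if (len > 0) rc = use(pass_buf, len, ctx);   /* empty input is rejected */
    wipe(pass_buf, sizeof pass_buf);
    if (tty) tcsetattr(fd, TCSAFLUSH, &old);
    return rc;
}

struct target { const char *device, *name; size_t seen; };  /* hypothetical helper type */
#ifdef HAVE_LIBCRYPTSETUP
int unlock(const char *pass, size_t len, void *ctx) {
    struct target *t = ctx;
    struct crypt_device *cd = NULL;
    int rc = crypt_init(&cd, t->device);
    if (rc == 0) rc = crypt_load(cd, CRYPT_LUKS1, NULL);
    if (rc == 0) rc = crypt_activate_by_passphrase(cd, t->name, CRYPT_ANY_SLOT, pass, len, 0);
    if (cd) crypt_free(cd);
    return rc;                     /* >= 0 is the key slot that matched */
}
#else   /* stand-in so the file builds without the library: records the length only */
int unlock(const char *pass, size_t len, void *ctx) { (void)pass; ((struct target *)ctx)->seen = len; return 0; }
#endif
int main(int argc, char **argv) {  /* usage: ./example DEVICE [NAME]; NULL name = verify only */
    struct target t = { argc > 1 ? argv[1] : NULL, argc > 2 ? argv[2] : NULL, 0 };
    return with_passphrase(STDIN_FILENO, unlock, &t) < 0;
}
```
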

