Ben Slusky wrote:
| I've cut out xgetpass() entirely. Now that hashing is done outside
| losetup, there's no sense in reading any more than LO_KEY_SIZE bytes.
| So if we're given an fd or an external program then we do a plain old
| read(2), otherwise a plain old getpass(3).
Ben:
Thanks for these patches!
I have been working on encrypted-root, with the password mangled via gpg key pairs.
I can get everything to work (almost) with a "stock" util-linux-2.12 via the following losetup chain:
    gpg --homedir /mnt/usb/.gnupg \
        -d /mnt/usb/.gnupg/hard-disk-keyfile.gpg | \
        losetup -e twofish -p 0 /dev/loop/5 $DATA
This works -- *until* you try to run something like this from PID 1 (init), for example in a pivot_root set-up script at boot time. When you do that, you don't have a TTY, and GPG will die with "can't open /dev/tty".
So I need something like Jari's lomount patch, which expands the getpass functions in lomount to call GPG (with the --no-tty option, and using xgetpass).
Is there some way to merge the two approaches? Or to use your approach with GPG that I am missing?
Thanks!
- boyd
Boyd Waters http://www.aoc.nrao.edu/~bwaters/
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
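
The fd path described in the quoted text (a plain read(2) of no more than LO_KEY_SIZE bytes, with no TTY involved), as an added example that is not code from the patch or from util-linux. read_key_fd and key_from_bytes are hypothetical names, and KEY_MAX is assumed to mirror LO_KEY_SIZE (32 in <linux/loop.h>).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define KEY_MAX 32  /* assumption: same value as LO_KEY_SIZE in <linux/loop.h> */

/* Hypothetical helper: read at most KEY_MAX key bytes from fd (for example
 * the read end of a pipe fed by gpg). Bytes are taken verbatim, so a
 * trailing newline becomes part of the key. Returns bytes stored, or -1. */
ssize_t read_key_fd(int fd, unsigned char key[KEY_MAX])
{
    size_t got = 0;
    memset(key, 0, KEY_MAX);
    while (got < KEY_MAX) {
        ssize_t n = read(fd, key + got, KEY_MAX - got);
        if (n == 0)
            break;                    /* EOF: the writer closed the pipe */
        if (n < 0) {
            if (errno == EINTR)
                continue;             /* interrupted by a signal, retry */
            memset(key, 0, KEY_MAX);  /* do not hand back a partial key */
            return -1;
        }
        got += (size_t)n;             /* pipes may deliver short reads */
    }
    return (ssize_t)got;
}

/* Demo driver: push constructed bytes through a pipe and read them back. */
ssize_t key_from_bytes(const void *data, size_t len, unsigned char key[KEY_MAX])
{
    int p[2];
    if (pipe(p) != 0)
        return -1;
    ssize_t w = write(p[1], data, len);
    close(p[1]);
    ssize_t n = (w == (ssize_t)len) ? read_key_fd(p[0], key) : -1;
    close(p[0]);
    return n;
}

int main(void)
{
    unsigned char key[KEY_MAX];
    const char sample[] = "constructed-sample-key-material-0123456789"; /* constructed */
    printf("kept %zd of %zu bytes\n",
           key_from_bytes(sample, sizeof sample - 1, key), sizeof sample - 1);
    return 0;
}
```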