Piping two gpg'ed keys to cryptsetup luksAddKey

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This may be a feature request, or just a call for some bash scripting help:

I would like to add a (piped, gpg'ed) key to a luks partition that was 
originally formatted with a piped key from gpg:

Create the container
# gpg --decrypt --quiet 2>>/dev/null first_key.gpg | cryptsetup \
    luksFormat /dev/partition

So gpg will ask for my passphrase for my (usb random) key, and then pipe the 
decrypted output to cryptsetup, creating the container.

Now comes the question:  how to pipe in the original key and a new piped key 
at the same time, for the luksAddKey action.

I have tried unsuccessfully to use the --key-file=- option and some bash 
constructs like (subshells) and {code blocks} along with pipes.  The best I 
have been able to do is get the new key in, but with a <cr> added or some 
other mangling.  That doesn't work, when later trying to luksOpen the 
container with the new key.

To clarify further, I don't want to use an intermediate or temporary cleartext 
key, or UUencode either of the random gpg keys.  I also don't want to take 
the key apart and write it to a temporary file.

If we can't find a way to do this, I will be happy to help with a patch.  I am 
not a good enough coder to solve this on my own, yet.  I do think there is a 
need for this, please offer any suggestions.  Thanks!

Mick Reed

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx


[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux