Arno Wagner wrote: > On Sat, Jul 18, 2009 at 11:03:09AM +1000, Roscoe wrote: >> On 7/18/09, martin f krafft <madduck@xxxxxxxxxxx> wrote: >> That's a bit of screwing around coding a niche functionality. >> >> What I'd like to see is -h support for LUKS in cryptsetup, the ability >> to print the bulk payload key and the ability to specify the bulk >> payload key with luksFormat (which is useful in other circumstances >> too). That way one could achieve what you desire pretty easily.. > > That would be useful. Ability to provide pre-generated volume key (sometimes called master or payload key) for luksFormat is planned, probably in next release of cryptsetup (possible Key Escrow mechanism build over LUKS can use this too). Also I want to remove hardcoded SHA-1 (used in PBKDF2) implementation and replace it with libgcrypt calls. It would be probably better to make hash algoritm as parameter (through -h option), so everything provided by libgcrypt for hash will be usable here. (This way is hash already used in non-LUKS mapping, so it is just major cleanup of code, no new dependences on any crypto library) Milan --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
