On 11/03/2010 11:34 PM, Arno Wagner wrote:
> The only interface for integrating external keys is by
> reading them from file or stdin and that is by design
> to keep things simple.

I am maintaining it with the basic idea that libcryptsetup/cryptsetup is a simple tool to configure encrypted partitions using kernel crypto. Nothing more, nothing less.

The new API in libcryptsetup provides two trivial interfaces to get a passphrase or key - a directly provided buffer (owned by the application) or a keyfile.

For compatibility reasons it falls back to reading from terminal/stdin, but the focus is to move passphrase reading into the application's responsibility.

IOW if anyone wants to handle LUKS mapping in a program (imagine e.g. systemd - the issue of these days) it can use libcryptsetup and handle a safe password reading dialog in the application.

(Using stdin in cryptsetup in scripts is problematic - you cannot control and wipe all buffers. But this option will always be there. I mean constructions like
 echo "password" | cryptsetup luksOpen ...)

Handling of various tokens and cards is always a wrapper around cryptsetup - (either scripts or binaries linked to libcryptsetup). Maybe one day these scripts will be part of the upstream tarball; currently it is up to the distribution to add them.

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
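
An added example, not part of the original message and not cryptsetup project code: one way an application can own passphrase reading, using unbuffered read(2) into a buffer it controls, handing the buffer to a callback, and wiping it afterwards. The names `with_passphrase`, `pass_consumer` and `matches` are hypothetical; a real program would call libcryptsetup (for example `crypt_activate_by_passphrase()`) inside the callback.

```c
#include <string.h>
#include <sys/mman.h>
#include <termios.h>
#include <unistd.h>

#define PASS_MAX 512
/* Hypothetical callback: where a real program hands the buffer to libcryptsetup. */
typedef int (*pass_consumer)(const char *pass, size_t len, void *ctx);

/* Overwrite through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Read one line from fd into a buffer this function owns, give it to use(),
 * then wipe it. Returns use()'s result, or -1 on read error or overlong input. */
int with_passphrase(int fd, pass_consumer use, void *ctx)
{
    char buf[PASS_MAX];
    struct termios saved, noecho;
    size_t len = 0;
    int rc = -1, tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
    (void)mlock(buf, sizeof buf);            /* best effort: keep it out of swap */
    if (tty) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;   /* do not echo typed characters */
        tcsetattr(fd, TCSAFLUSH, &noecho);
    }
    for (;;) {  /* byte-wise read(2): no stdio copy, nothing consumed past '\n' */
        ssize_t n = (len < sizeof buf) ? read(fd, buf + len, 1) : -1;
        if (n < 0) goto out;                 /* error or overlong: refuse, never truncate */
        if (n == 0 || buf[len] == '\n') break;
        len++;
    }
    rc = use(buf, len, ctx);                 /* buffer is only valid during this call */
out:
    wipe(buf, sizeof buf);
    (void)munlock(buf, sizeof buf);
    if (tty) tcsetattr(fd, TCSAFLUSH, &saved);
    return rc;
}

/* Constructed stand-in consumer: returns 0 if the passphrase equals the string in ctx. */
int matches(const char *pass, size_t len, void *ctx)
{
    return !(strlen(ctx) == len && memcmp(pass, ctx, len) == 0);
}
```
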