Re: cryptsetup with native PKCS#11 support

Hi

The reason I'm doing it is to have a solution where the passphrase never leaves the host or, better, never leaves the cryptsetup tool. My company is working on NAS solutions with
the maximum security level.

Imagine you have servers with 24 bays and a few root administrators. What is the chance of disk leakage, e.g. where a drive is being replaced with a new one under warranty
conditions? With MooseFS (btw an excellent tool), LUKS, a passphrase on a crypto card/token and cryptsetup supporting PKCS#11, you can format a disk using the token as storage and as a two-factor
authentication device. Am I thinking correctly? For backup you can add a second key (the same way or classic, just for backup) and sysadmins never see the key(s). Using the currently available
methods (GnuPG or pkcs11-data) you can easily modify scripts to dump the passphrase or keyfile. I want to minimize that.

Of course I'm not expecting that the maintainers of official cryptsetup will integrate it. Maybe some day. Though I was thinking about GitHub. I can make a fork of official cryptsetup, then
fork from it to my version. The community can see where it comes from and how.

Anyway, there is a lot of work to be done before the code is ready to be placed on a public repo. It will be, maybe in the next 2-3 weeks. If you are interested, a good and helpful source of smartcards is
SmartCardsFocus. Thanks guys for the help with ACOS5-64 cards! RSA4096 is finally working well under PKCS#11. Good job.

Regards
Krzysztof Rutecki


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
