Re: passkey over network

In my case it's a server, anywhere in the world, and the HTTPS server that will send the key is a server in my house or somewhere that I can 'block'/'unblock' the server.
In other words, other servers can only use the disk if I say what the passkey is; without my passkey no mount exists.

I will read your links and understand what could be done.
Any other ideas?


2013/6/30 .. ink .. <mhogomchungu@xxxxxxxxx>


Hi guys, I want to create a map to my encrypted disk,
but instead of entering the passkey every time, or using a PKCS#11 smart card, I want to get the passkey from an external server via the network.
In other words:

1) place a new hard disk
2) set up dm-crypt over the disk
3) mount the disk using an external server like "https://www.host.com/get_passkey.php?UUID=xxxxx"

Has anyone done something like it, or near it? Maybe I'm talking about something that already exists.

 
I think the proper steps would be
1. identify a LUKS based encrypted volume you want to unlock.
2. get the UUID of the encrypted volume
3. securely get the key mapped to the UUID from another computer over the network
4. use the key to unlock the volume
5. mount the unlocked volume
6. ????
7. profit!!!

I have a project[1] that interfaces with cryptsetup; it has a plugin architecture and can do the above once a plugin with the functionality is written. Source code for a plugin that gets a key from gnome-keyring is here[2], so the plugin interface is simple enough. I envisioned making a plugin that does what you are thinking of but never made one, since I do not have a personal use case for it and nobody asked for it.

[1] http://code.google.com/p/zulucrypt/
[2] http://code.google.com/p/zulucrypt/source/browse/plugins/keyring/keyring.c





--
Roberto Spadim
SPAEmpresarial
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
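
The steps listed in the quoted reply (find the LUKS volume, read its UUID, fetch the key over the network, unlock, mount), as an added shell example that is not part of the thread or of zuluCrypt. The URL follows the pattern from the original question; the CA and client-certificate paths, and a server that returns the raw key bytes and authenticates clients by TLS certificate, are assumptions.

```shell
#!/bin/sh
# Added example: unlock a LUKS volume with a key fetched over HTTPS.
# Hypothetical names (assumptions, not from the thread): CA_FILE,
# CLIENT_CERT, CLIENT_KEY and their paths. Assumes the server returns
# the raw key bytes and authenticates clients by TLS certificate.
KEY_URL="${KEY_URL:-https://www.host.com/get_passkey.php}"
CA_FILE="${CA_FILE:-/etc/netkey/ca.pem}"
CLIENT_CERT="${CLIENT_CERT:-/etc/netkey/client.pem}"
CLIENT_KEY="${CLIENT_KEY:-/etc/netkey/client.key}"

# Accept only a canonical UUID, so nothing else reaches the query string.
valid_uuid() {
    case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Build the request URL for one volume; fails on a malformed UUID.
key_request_url() {
    valid_uuid "$1" || return 1
    printf '%s?UUID=%s' "$KEY_URL" "$1"
}

# Fetch the key to stdout. HTTPS only, server checked against a private
# CA, client identified by certificate so the server can refuse strangers.
fetch_key() {
    url=$(key_request_url "$1") || return 1
    curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
         --max-time 15 --cacert "$CA_FILE" \
         --cert "$CLIENT_CERT" --key "$CLIENT_KEY" "$url"
}

# Steps 1-5 of the reply: identify, get UUID, fetch key, unlock, mount.
unlock_and_mount() {
    dev=$1; name=$2; mnt=$3
    cryptsetup isLuks "$dev" || { echo "not a LUKS device: $dev" >&2; return 1; }
    uuid=$(cryptsetup luksUUID "$dev") || return 1
    # The key goes through a pipe and never touches disk. With
    # --key-file - cryptsetup uses stdin verbatim (a trailing newline
    # counts as key material). A failed fetch gives an empty key, so
    # the open fails and nothing is mounted.
    fetch_key "$uuid" | cryptsetup open --type luks --key-file - \
        "$dev" "$name" || return 1
    mount "/dev/mapper/$name" "$mnt"
}

# Usage: script DEVICE MAPPER_NAME MOUNTPOINT (run as root)
if [ "$#" -eq 3 ]; then unlock_and_mount "$@"; fi
```

Revoking the client certificate or disabling the UUID on the key server is what gives the 'block'/'unblock' control described in the message; a volume that is already unlocked stays unlocked until it is closed.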
