in my case it's a server, in any place in the world, and the https server that will send the key, is a server in my house or somewhere that i can 'block'/'unblock' server
in other words, others servers only can use the disk if i say what's the passkey, without my passkey no mount exists
i will read your links, and understand what could be done
any others ideas?
2013/6/30 .. ink .. <mhogomchungu@xxxxxxxxx>
I think the proper steps would beHi guys, i want to create a map to my crypted diskbut, instead of putting the passkey every time, or using a pkcs11 (smart card), i want to get the passkey from a external server via networkin other words:1)place a new hard disk2)setup dm-crypt over disk3) mount disk using a external server like "https://www.host.com/get_passkey.php?UUID=xxxxx"anyone done something like it? or near it? maybe i'm talking about something that already exists
1. identify a LUKS based encrypted volume you want to unlock.
2. get the UUID of the encrypted volume
3. securely,get the key mapped to the UUID from another computer over the network
4. use the key to unlock the volume
5. mount the unlocked volume
6. ????
7. profit!!!
I have a project[1] that interfaces with cryptsetup and it has plugin architecture and can do the above when a plugin with the functionality is written.Source code for a plugin that get a key from gnome-keyring is here[1] so the plugin interface is simple enough. I envisioned making a plugin that does what you are thinking but never made one since i do not have a personal use case for it and nobody asked for it.
[1] http://code.google.com/p/zulucrypt/
[2] http://code.google.com/p/zulucrypt/source/browse/plugins/keyring/keyring.c
Roberto Spadim
SPAEmpresarial
SPAEmpresarial
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
