Hi, you cannot protect the encryption keys in an HSM. To be effective, they need to be known to the kernel and are hence exposed to root, see also FAQ Item 6.10. This is a fundamental limitation of software-nased encryption. Or maybe you want to _store_ the _passphrases_ in an HSM when not in use? In that case youmay want to feed them to cryptsetup via stdin, as described in the man-page. Arno On Thu, Mar 06, 2014 at 08:17:59 CET, Sharma, Manjari wrote: > Hi Cryptsetup team, > > This is Manjari Sharma from SafeNet. SafeNet is the largest company > exclusively focused on the protection of high-value information assets. > I'm trying to integrate our HSM with LUKS so that the encryption keys are > protected in an HSM. > > Could you please help to provide some pointer. I could not find anything > relevant after searching for hours, all I can be assured of is that it can > be done. > > Your help would be highly appreciated. > > Thanks, > > Kind Regards, > Manjari > > The information contained in this electronic mail transmission > may be privileged and confidential, and therefore, protected > from disclosure. If you have received this communication in > error, please notify us immediately by replying to this > message and deleting it from your computer without copying > or disclosing it. > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
