> To make the example and explanation more complete: You can store secret > in unbound keyslot. So technically you may use LUKS2 unbound keyslot as ... >I'm not sure this is most practical use for LUKS2 unbound keyslot, >Regards O. I'm glad you brought that up because it leads to my next questions about the token feature. I have a binary blob which is a private key generated from random binary data that is encrypted with a gpg public key into pkcs format. I want to store it in the luks2 header for use with smart card. This seems to be the direction this project is heading and I would like to help (or understand alternatives and help with those). >From the other messages we have on this list and the LUKS2 spec I understand that the token imports json (text) data. If I wanted to store arbitrary binary data it would have to be encoded. Am I correct in understanding of the project current status and future? I would like to read/discuss/explore options related to making it easier to use smart cards with LUKS. For reference I am following procedures such as those documented here: https://randomoracle.wordpress.com/2015/12/21/getting-by-without-passwords-disk-encryption-part-iii/ and https://blog.g3rt.nl/luks-smartcard-or-token.html _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
