Re: cryptsetup Yubikey challenge-response support

Hello,

I believe this is a very good idea, but the implementation should not be limited to Yubikey. There are other solutions out there (Nitrokey is one) that would also need to be supported IMHO.

In addition, I would favor the implementation support of bare USB keys (mass storage), for those of us who wish to use their already-owned encrypted mass storage keys in order to unlock their drive.

I had started to implement this (the latter part) in the Alpine Linux initramfs some years ago but given the complexity of the task and the lack of public interest, coupled with FOSS politics, I gave up on it.

If you start working on an implementation, I'd be curious to see that and I could eventually participate.

Also, your email looks just fine to me :)

Cheers,
7heo

On Apr 8, 2020 09:54, Dan Farrell <djfarrell@xxxxxxxxx> wrote:
>
> Hi, 
>
> Hopefully this email comes through without HTML and properly wrapped, 
> sorry if it doesn't. 
>
> I am wondering if any group has started or is interested in adding 
> Yubikey challenge-response support to cryptsetup? 
>
> The idea would be to add the option to insert a USB key to (optionally 
> automagically) unlock at boot time (or whenever cryptsetup is 
> running). There would be a backup password of course. 
>
> I'm interested in doing this for myself if it's not underway at the 
> moment. I have some basic ideas on how to do this. I do realise this 
> could be done external to cryptsetup with distro support, but doing 
> that messing around with initramfs etc sounds painful, let alone each 
> distro would need to be supported individually. 
>
> If it's of no interest, that's ok, I'll do it for myself. But if there 
> is interest I would be willing to work with maintainers to find the 
> best way to do this and contribute the effort. 
>
> Regards, 
>
> Dan Farrell 
> _______________________________________________ 
> dm-crypt mailing list 
> dm-crypt@xxxxxxxx 
> https://www.saout.de/mailman/listinfo/dm-crypt 