Re: cryptsetup Yubikey challenge-response support

Hi,

The reason I want this is to have the option of entering a password manually, or have it automatically provided by a program at the same time.

So the idea is, for example, I turn on my laptop and either type the password, or insert a security token. The password helper program would interact with the token, and provide a password from it.

Does that make sense? I realise it is a bit silly, but relying on systemd to provide a password seems suboptimal. It's just an easy way of getting vendor-specific USB support without the libs in cryptsetup itself.

But for sure I won't take any offence if it's a no go, I can do it for my own systems easily enough.

Cheers,

Dan Farrell

On Wed, 15 Apr 2020, 12:38 Milan Broz, <gmazyland@xxxxxxxxx> wrote:
On 15/04/2020 08:37, Dan Farrell wrote:
>
> Please take a look at the attached, feel free to poke fun at it, it is
> terrible for all of the reasons.
>
> But, if something that did what is achieved in this patch was done
> properly, would it be even possible to get it merged?

Hi,

Why do you need this? Cryptsetup easily allows to pipe passphrase:

/path/some_helper | cryptsetup open ....

(some tricks are needed to process binary input, but it is possible,
see man page or ask here).

For LUKS2, you can also define keyring token, store passphrase in keyring
under defined name and then cryptsetup automagically uses it in open command.

(Even systemd-ask-password scripts can be used to automate it, but
I understand there is a group of people that is quite reserved to this,
me included. For reference see clevis/tang project, but please do not
ask me about it in detail :-)

Milan
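
The helper-pipe approach from the reply above, combined with the manual fallback asked for in this thread, as an added example that is not part of the original messages or of cryptsetup. The wrapper, its function names and the `TOKEN_HELPER`/`CRYPTSETUP` overrides are hypothetical; hex-encoding the helper output is one assumed way to handle binary input.

```shell
#!/bin/sh
# Hypothetical wrapper: try a token helper first, fall back to the normal prompt.
# Both commands can be overridden, so the logic can be exercised without a
# token or root. /path/some_helper is the placeholder path used in the thread.
TOKEN_HELPER="${TOKEN_HELPER:-/path/some_helper}"
CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"

# Print the helper's raw output as lowercase hex with no trailing newline.
# Piping straight into od keeps NUL and newline bytes intact, which a shell
# variable holding the raw bytes would not. The same encoding has to be used
# when the key is enrolled in a keyslot.
token_passphrase() {
    out=$("$TOKEN_HELPER" 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ -n "$out" ] || return 1      # helper missing, failed, or no token present
    printf '%s' "$out"
}

# open_volume DEVICE NAME
open_volume() {
    dev=$1
    name=$2
    if key=$(token_passphrase); then
        # With --key-file=- cryptsetup reads stdin verbatim: a trailing
        # newline would become part of the key, hence printf '%s'.
        printf '%s' "$key" |
            "$CRYPTSETUP" open --type luks --key-file=- "$dev" "$name" && return 0
    fi
    # No token, or the token-derived key was rejected: interactive passphrase.
    "$CRYPTSETUP" open --type luks "$dev" "$name"
}

# Usage (device and mapping name are constructed examples):
#   open_volume /dev/sdX2 cryptroot
```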