Re: Creating a LUKS container with a pre-made Argon hash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/12/2020 00:07, Misha Gusarov wrote:
> I'm trying to do an unattended rollout of Linux installations with FDE 
> set up.
> I would like to avoid storing credentials in the configuration 
> repository though.
> 
> Is there a way to pass a pre-made Argon password hash to cryptsetup to 
> use to
> generate a new master key, or is the plaintext password needed for this 
> operation?

No, there is no such function.

Not sure if I understand this use case, but you cannot regenerate
master (volume) key without providing input that unlocks keyslot
that stores that key. (Or you need to provide the whole binary
keyslot area).

But you can later regenerate volume key with reencrypt command.

(Some deployed systems call this during first boot.)

Milan


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt



[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux