Am Montag, 11. Mai 2015, 17:42:12 schrieb Herbert Xu: Hi Herbert, >On Fri, May 01, 2015 at 03:21:19PM +0200, Stephan Mueller wrote: >> My idea would be to use keywrap in step 3. > >How is dm-crypt going to cope with the increase in ciphertext size? The LUKS header is not fixed-size, so it would be able to handle the increased cipher text size. But I think I should rather go back and write up the ideas that I have for key handling. Currently it seems that too many components in kernel and user space handle plaintext keys. After writing that one up, I like to present it with an assoicated discussion of how to handle key wrapping considering that addition of it to the kernel crypto API is not possible at this point. Thanks for your help. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
