Re: [PATCH] 90crypt: keys on external devices support

["Amadeusz Żołnowski" <aidecoe-2qtfh70TtYba5EbDDlwbIw@public.gmane.org>]

[-- Attachment #1: Type: text/plain, Size: 2208 bytes --]

Excerpts from Mr Dash Four's message of Tue Oct 19 16:33:33 +0200 2010:
> Glad to see there is progress made. What are the plans? As I pointed
> out I am currently interested in making dracut work with external key
> files and tokens (the latter is a much-pressing need on my as I am
> going to rely on it heavily!).

Improve part responsible for getting keys from removable media.  Now
it's done synchronously and it implies some issues.  I'm gonna correct
it to use udev soon.

Next thing is give possibility to put keys inside initramfs.

Later future is support for crypto related things which will get into my
hands, since I'm just a student right now. :-)


> >> I am also interested to see whether there are plans (or, indeed
> >> attempted implementations) to introduce smartcard support to LUKS
> >> partitions (boot or not)? Many thanks
> >>
> >
> > I haven't planned that and haven't heard of anybody planning that,
> > but if I would have such a gadget I'd probably be happy to implement
> > support for it soon or later.
> >
> I am still in a learning curve as far as dracut is concerned - hence
> why I was glad when I found your patch as I intend to use it as a
> template to implement token support.
>
> It won't be easy as there are dependencies on (at least) 3 packages,
> but if I finally manage to overcome these the 'login' is very similar
> to the 'password' authentication currently present - once the password
> (PIN token in this case) is captured then there is a program
> (pkcs11-tool and/or pkcs15-tool) which reads the relevant key data and
> which then could present it to luksOpen (as a pipe, i.e. 'cat keydata
> | cryptsetup luksOpen --key-file=-') without further need for input
> from the user.
>
> I have 'manually' done this (via command line shell script) and it
> works without a problem, so once I get to grips with dracut and find
> out how to install dependancies/packages in the initramfs image then
> it won't be difficult.

If you'd like to write support for smartcard, I'd be glad to see it as
a separate module.  Don't hesitate to post your progress on ml for our
review.
-- 
Amadeusz Żołnowski

PGP key fpr: C700 CEDE 0C18 212E 49DA  4653 F013 4531 E1DB FAB5

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 490 bytes --]