From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 30 Mar 2016 18:27:58 +0200 (CEST) Received: by mail-wm0-x236.google.com with SMTP id p65so190576526wmp.1 for ; Wed, 30 Mar 2016 09:27:58 -0700 (PDT) References: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> From: Milan Broz Message-ID: <56FBFE8B.3000807@gmail.com> Date: Wed, 30 Mar 2016 18:27:55 +0200 MIME-Version: 1.0 In-Reply-To: <1118698616.11095.1459343934401.JavaMail.zimbra@infodat.com.ar> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Quorum system on decryption passphrase List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Fernando D. Pedemonte" , dm-crypt@saout.de On 03/30/2016 03:18 PM, Fernando D. Pedemonte wrote: > Dear List > > I am trying to setup an encrypted partition, and I requiere 2 people of 3 putting a pass-phrase to unlock the device. > Is there any way that I can setup in the system to require keys in two different slots to unlock the device? If you mean something like Shamir's secret sharing (you need N of M parts to unlock the key), LUKS doesn't provide this directly, but Clevis/Tang project is going this way (in development). See end of slides from DevConf - http://slides.com/npmccallum/devconf16#/35 (Not usable yet but good to know about it :-) Milan