* [dm-crypt] unlock via password and device
@ 2020-11-10 9:04 chiasa.men
2020-11-10 17:34 ` Arno Wagner
0 siblings, 1 reply; 2+ messages in thread
From: chiasa.men @ 2020-11-10 9:04 UTC (permalink / raw)
To: dm-crypt
For the purpose of full disc encryption the tutorials usually suggest to
decrypt luks via usbkey.
The keyscript then often waits the key to appear for several seconds, after
that they fall back to the password prompt.
If the key appears after the waiting time it is ignored.
Is there a way to "step back" after the password prompt appeared?
The current workaround is another process that loops for the key in the
background, decrypts the disk and kills "askpass" several times (resulting in
"wrong password" in the main process)
What would be a clean way to implement the wanted behavior?
As I understood, the keyscript has to print the key to stdout.
I would expect the following keyscript construct to work as well:
---
while luksNotOpened
if [ -e key ]
dd if=key
sleep 1
done &
askpass
---
The background process should still print to stdout and I guess askpass would
do the same when enter is pressed?
However that does not work
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [dm-crypt] unlock via password and device
2020-11-10 9:04 [dm-crypt] unlock via password and device chiasa.men
@ 2020-11-10 17:34 ` Arno Wagner
0 siblings, 0 replies; 2+ messages in thread
From: Arno Wagner @ 2020-11-10 17:34 UTC (permalink / raw)
To: dm-crypt
What about killing cryptsetup before killing askpass?
Regards,
Arno
On Tue, Nov 10, 2020 at 10:04:02 CET, chiasa.men wrote:
> For the purpose of full disc encryption the tutorials usually suggest to
> decrypt luks via usbkey.
> The keyscript then often waits the key to appear for several seconds, after
> that they fall back to the password prompt.
>
> If the key appears after the waiting time it is ignored.
>
> Is there a way to "step back" after the password prompt appeared?
>
> The current workaround is another process that loops for the key in the
> background, decrypts the disk and kills "askpass" several times (resulting in
> "wrong password" in the main process)
>
> What would be a clean way to implement the wanted behavior?
>
> As I understood, the keyscript has to print the key to stdout.
>
> I would expect the following keyscript construct to work as well:
>
> ---
> while luksNotOpened
> if [ -e key ]
> dd if=key
> sleep 1
> done &
>
> askpass
> ---
> The background process should still print to stdout and I guess askpass would
> do the same when enter is pressed?
> However that does not work
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-10 17:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-11-10 9:04 [dm-crypt] unlock via password and device chiasa.men
2020-11-10 17:34 ` Arno Wagner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox