* [dm-crypt] [ANNOUNCE] cryptsetup 1.1.2
@ 2010-05-30 18:45 Milan Broz
2010-05-31 16:32 ` [dm-crypt] passing passphares via stdin/pipes Christoph Anton Mitterer
0 siblings, 1 reply; 2+ messages in thread
From: Milan Broz @ 2010-05-30 18:45 UTC (permalink / raw)
To: dm-crypt; +Cc: device-mapper development
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The stable cryptsetup 1.1.2 release is available at
http://code.google.com/p/cryptsetup/
Feedback and bug reports are welcomed.
Milan
mbroz@redhat.com
== Cryptsetup 1.1.2 Release Notes ==
This release fixes a regression (introduced in 1.1.1 version) in handling
key files containing new line characters (affects only files read from
standard input).
Cryptsetup can accept passphrase on stdin (standard input).
Handling of new line (\n) character is defined by input specification:
* if keyfile is specified as "-" (using --key-file=- of by "-" positional argument
in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action>),
input is processed as normal binary file and no new line is interpreted.
* if there is no key file specification (with default input from stdin pipe
like echo passphrase | cryptsetup <action>) input is processed as input from terminal,
reading will stop after new line is detected.
Moreover, luksFormat now understands --key-file (in addition to positional key
file argument).
N.B. Using of standard input and pipes for passphrases should be avoided if possible,
cryptsetup have no control of used pipe buffers between commands in scripts and cannot
guarantee that all passphrase/key-file buffers are properly wiped after use.
=== changes since version 1.1.1 ===
* Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
* Support --key-file/-d option for luksFormat.
* Fix description of --key-file and add --verbose and --debug options to man page.
* Add verbose log level and move unlocking message there.
* Remove device even if underlying device disappeared (remove, luksClose).
* Fix (deprecated) reload device command to accept new device argument.
For changes in previous version please see Cryptsetup 1.1.1 Release Notes
http://code.google.com/p/cryptsetup/wiki/Cryptsetup111
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwCskMACgkQf1Jlc7shgi8qoACeJ/kHiVoasT7XR/hpfu4I2seA
KKIAn362smF2PNQFyI8OjL1fn0hrdsZy
=hHU3
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 2+ messages in thread
* [dm-crypt] passing passphares via stdin/pipes
2010-05-30 18:45 [dm-crypt] [ANNOUNCE] cryptsetup 1.1.2 Milan Broz
@ 2010-05-31 16:32 ` Christoph Anton Mitterer
0 siblings, 0 replies; 2+ messages in thread
From: Christoph Anton Mitterer @ 2010-05-31 16:32 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 502 bytes --]
Hi Milan.
On Sun, 2010-05-30 at 20:45 +0200, Milan Broz wrote:
> N.B. Using of standard input and pipes for passphrases should be avoided if possible,
> cryptsetup have no control of used pipe buffers between commands in scripts and cannot
> guarantee that all passphrase/key-file buffers are properly wiped after use.
What else would you suggest? I mean take stuff like Debian's
key-scripts.... for them, I guess, there is basically no other way to
pass the passphrase.
Cheers,
Chris.
[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 3387 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-05-31 16:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-05-30 18:45 [dm-crypt] [ANNOUNCE] cryptsetup 1.1.2 Milan Broz
2010-05-31 16:32 ` [dm-crypt] passing passphares via stdin/pipes Christoph Anton Mitterer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox