From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <moreejt@yahoo.com>
Received: from sonic310-21.consmr.mail.gq1.yahoo.com
 (sonic310-21.consmr.mail.gq1.yahoo.com [98.137.69.147])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Mon, 30 Mar 2020 22:18:41 +0200 (CEST)
Date: Mon, 30 Mar 2020 20:17:39 +0000 (UTC)
From: =?UTF-8?Q?JT_Mor=C3=A9e?= <moreejt@yahoo.com>
Message-ID: <5602805.1319309.1585599459612@mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
References: <5602805.1319309.1585599459612.ref@mail.yahoo.com>
Subject: [dm-crypt] unbound keys
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Dm-crypt <dm-crypt@saout.de>

After reading the luks2 FAQ, spec and archives I don't understand what an u=
nbound key is used for.

Assuming the unbound key is created from encrypting the given file with the=
 other file specified by --master-key-file: how would I use it?=C2=A0 Can i=
t be extracted so that I can decrypt it later?=C2=A0 Do I need to write C c=
ode to extract the data as-is it or will cryptsetup already do it?=C2=A0=C2=
=A0 If not and I'm going to write C then should it be integrated as a new c=
ommand in cryptsetup?

Since the unbound feature does the encryption: is it compatible with a smar=
t card (PGP/GPG)?

=C2=A0 sudo cryptsetup luksAddKey --unbound --master-key-file ../lukstest/p=
ublickey.pem /dev/sdb --key-size 512 ../lukstest/privatekey


JT