30 Jul 23:37
A12-140 Piping two gpg'ed keys to cryptsetup luksAddKey
From: Mick Reed <oregon.mick@...>
Subject: A12-140 Piping two gpg'ed keys to cryptsetup luksAddKey
Newsgroups: gmane.linux.kernel.device-mapper.dm-crypt
Date: 2008-07-30 21:40:01 GMT
Subject: A12-140 Piping two gpg'ed keys to cryptsetup luksAddKey
Newsgroups: gmane.linux.kernel.device-mapper.dm-crypt
Date: 2008-07-30 21:40:01 GMT
This may be a feature request, or just a call for some bash scripting help:
I would like to add a (piped, gpg'ed) key to a luks partition that was
originally formatted with a piped key from gpg:
Create the container
# gpg --decrypt --quiet 2>>/dev/null first_key.gpg | cryptsetup \
luksFormat /dev/partition
So gpg will ask for my passphrase for my (usb random) key, and then pipe the
decrypted output to cryptsetup, creating the container.
Now comes the question: how to pipe in the original key and a new piped key
at the same time, for the luksAddKey action.
I have tried unsuccessfully to use the --key-file=- option and some bash
constructs like (subshells) and {code blocks} along with pipes. The best I
have been able to do is get the new key in, but with a <cr> added or some
other mangling. That doesn't work, when later trying to luksOpen the
container with the new key.
To clarify further, I don't want to use an intermediate or temporary cleartext
key, or UUencode either of the random gpg keys. I also don't want to take
the key apart and write it to a temporary file.
If we can't find a way to do this, I will be happy to help with a patch. I am
not a good enough coder to solve this on my own, yet. I do think there is a
need for this, please offer any suggestions. Thanks!
Mick Reed
(Continue reading)
RSS Feed