From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com
 [IPv6:2a00:1450:4864:20::334])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 15 Apr 2020 21:38:42 +0200 (CEST)
Received: by mail-wm1-x334.google.com with SMTP id y24so1162019wma.4
 for <dm-crypt@saout.de>; Wed, 15 Apr 2020 12:38:42 -0700 (PDT)
References: <233063842.2717340.1586366160963.ref@mail.yahoo.com>
 <233063842.2717340.1586366160963@mail.yahoo.com>
 <CAKO8ematZ+n3hA7_dbwL+b1LVnf2KNHTPbzHNAp7kwWi8sDpig@mail.gmail.com>
 <65d9482aafb2bb4c4753f272d3c8b418c1f1d590.camel@yahoo.com>
 <6114e747-a8cd-c0c6-ccc8-7f666f04d32b@gmail.com>
 <CAKO8emYr9z7Yk8A09H7YKFaLqG+=BgGCdBbnzOMmT+8bLqvRMg@mail.gmail.com>
From: Milan Broz <gmazyland@gmail.com>
Message-ID: <3a5505de-2a6a-ebd0-8468-af1661bd243b@gmail.com>
Date: Wed, 15 Apr 2020 21:38:38 +0200
MIME-Version: 1.0
In-Reply-To: <CAKO8emYr9z7Yk8A09H7YKFaLqG+=BgGCdBbnzOMmT+8bLqvRMg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] cryptsetup Yubikey challenge-response support
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Dan Farrell <djfarrell@gmail.com>
Cc: JT Moree <moreejt@yahoo.com>, dm-crypt <dm-crypt@saout.de>

On 15/04/2020 08:37, Dan Farrell wrote:
> 
> Please take a look at the attached, feel to poke fun at it, it is
> terrible for all of the reasons.
> 
> But, if something that did what is achieved in this patch was done
> properly, would it be even possible to get it merged?

Hi,

Why do you need this? Cryptsetup easily allows to pipe passphrase:

/path/some_helper | cryptsetup open ....

(some tricks are needed to process binary input, but it is possible,
see man page or ask here).

For LUKS2, you can also define keyring token, store passphrase in keyring
under defined name and then cryptsetup automagically use it in open command.

(Even systemd-ask-password scripts can be used to automate it, but
I understand there is a group of people that is quite reserved to this,
me included. For reference see clevis/tang project, but please do not
ask me about it in detail :-)

Milan