* [dm-crypt] OPENSSL / PKCS#12/10
@ 2010-01-10 21:22 François Chenais
2010-01-11 16:22 ` Arno Wagner
0 siblings, 1 reply; 4+ messages in thread
From: François Chenais @ 2010-01-10 21:22 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 273 bytes --]
Hello,
Actually, dm-crypt uses stdin and file for password input.
Is there any plan to add the option of using external
gpg/RSA/pkcs#12/pkcs#10 files ?
The idea is to use an crypted file stored on an external device (USB KEY,
token...)
Thanks
François
[-- Attachment #2: Type: text/html, Size: 313 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] OPENSSL / PKCS#12/10
2010-01-10 21:22 [dm-crypt] OPENSSL / PKCS#12/10 François Chenais
@ 2010-01-11 16:22 ` Arno Wagner
2010-01-11 19:13 ` François Chenais
0 siblings, 1 reply; 4+ messages in thread
From: Arno Wagner @ 2010-01-11 16:22 UTC (permalink / raw)
To: dm-crypt
On Sun, Jan 10, 2010 at 10:22:28PM +0100, Fran?ois Chenais wrote:
> Hello,
>
> Actually, dm-crypt uses stdin and file for password input.
>
> Is there any plan to add the option of using external
> gpg/RSA/pkcs#12/pkcs#10 files ?
>
> The idea is to use an crypted file stored on an external device (USB KEY,
> token...)
You can already do that by using a named pipe as file (or stdin)
and then having a preprocessor that decrypts the encrupted key file
to this pipe. This is actually the preferred way, as it keeps the
complexity of cryptsetup low.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] OPENSSL / PKCS#12/10
2010-01-11 16:22 ` Arno Wagner
@ 2010-01-11 19:13 ` François Chenais
2010-01-11 20:36 ` Arno Wagner
0 siblings, 1 reply; 4+ messages in thread
From: François Chenais @ 2010-01-11 19:13 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 1332 bytes --]
2010/1/11 Arno Wagner <arno@wagner.name>
> On Sun, Jan 10, 2010 at 10:22:28PM +0100, Fran?ois Chenais wrote:
> > Hello,
> >
> > Actually, dm-crypt uses stdin and file for password input.
> >
> > Is there any plan to add the option of using external
> > gpg/RSA/pkcs#12/pkcs#10 files ?
> >
> > The idea is to use an crypted file stored on an external device (USB KEY,
> > token...)
>
> You can already do that by using a named pipe as file (or stdin)
> and then having a preprocessor that decrypts the encrupted key file
> to this pipe. This is actually the preferred way, as it keeps the
> complexity of cryptsetup low.
>
>
Something like this ?
openssl pkcs12 -in file.p12 -nodes -nocerts | cryptsetup ...
François
> Arno
> --
> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
> arno@wagner.name
> GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25
> 338F
> ----
> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
>
> If it's in the news, don't worry about it. The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
[-- Attachment #2: Type: text/html, Size: 2081 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dm-crypt] OPENSSL / PKCS#12/10
2010-01-11 19:13 ` François Chenais
@ 2010-01-11 20:36 ` Arno Wagner
0 siblings, 0 replies; 4+ messages in thread
From: Arno Wagner @ 2010-01-11 20:36 UTC (permalink / raw)
To: dm-crypt
On Mon, Jan 11, 2010 at 08:13:40PM +0100, Fran?ois Chenais wrote:
> 2010/1/11 Arno Wagner <arno@wagner.name>
>
> > On Sun, Jan 10, 2010 at 10:22:28PM +0100, Fran?ois Chenais wrote:
> > > Hello,
> > >
> > > Actually, dm-crypt uses stdin and file for password input.
> > >
> > > Is there any plan to add the option of using external
> > > gpg/RSA/pkcs#12/pkcs#10 files ?
> > >
> > > The idea is to use an crypted file stored on an external device (USB KEY,
> > > token...)
> >
> > You can already do that by using a named pipe as file (or stdin)
> > and then having a preprocessor that decrypts the encrupted key file
> > to this pipe. This is actually the preferred way, as it keeps the
> > complexity of cryptsetup low.
> >
> >
> Something like this ?
>
> openssl pkcs12 -in file.p12 -nodes -nocerts | cryptsetup ...
>
> Fran?ois
>
Essentially, yes.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-01-11 20:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-01-10 21:22 [dm-crypt] OPENSSL / PKCS#12/10 François Chenais
2010-01-11 16:22 ` Arno Wagner
2010-01-11 19:13 ` François Chenais
2010-01-11 20:36 ` Arno Wagner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.