All of lore.kernel.org
 help / color / mirror / Atom feed
* [dm-crypt] OPENSSL / PKCS#12/10
@ 2010-01-10 21:22 François Chenais
  2010-01-11 16:22 ` Arno Wagner
  0 siblings, 1 reply; 4+ messages in thread
From: François Chenais @ 2010-01-10 21:22 UTC (permalink / raw)
  To: dm-crypt

[-- Attachment #1: Type: text/plain, Size: 273 bytes --]

Hello,

Actually, dm-crypt uses stdin and file for password input.

Is there any plan to add the option of using external
gpg/RSA/pkcs#12/pkcs#10 files ?

The idea is to use an crypted file stored on an external device (USB KEY,
token...)

Thanks

   François

[-- Attachment #2: Type: text/html, Size: 313 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [dm-crypt] OPENSSL / PKCS#12/10
  2010-01-10 21:22 [dm-crypt] OPENSSL / PKCS#12/10 François Chenais
@ 2010-01-11 16:22 ` Arno Wagner
  2010-01-11 19:13   ` François Chenais
  0 siblings, 1 reply; 4+ messages in thread
From: Arno Wagner @ 2010-01-11 16:22 UTC (permalink / raw)
  To: dm-crypt

On Sun, Jan 10, 2010 at 10:22:28PM +0100, Fran?ois Chenais wrote:
> Hello,
> 
> Actually, dm-crypt uses stdin and file for password input.
> 
> Is there any plan to add the option of using external
> gpg/RSA/pkcs#12/pkcs#10 files ?
> 
> The idea is to use an crypted file stored on an external device (USB KEY,
> token...)

You can already do that by using a named pipe as file (or stdin)
and then having a preprocessor that decrypts the encrupted key file
to this pipe. This is actually the preferred way, as it keeps the 
complexity of cryptsetup low.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [dm-crypt] OPENSSL / PKCS#12/10
  2010-01-11 16:22 ` Arno Wagner
@ 2010-01-11 19:13   ` François Chenais
  2010-01-11 20:36     ` Arno Wagner
  0 siblings, 1 reply; 4+ messages in thread
From: François Chenais @ 2010-01-11 19:13 UTC (permalink / raw)
  To: dm-crypt

[-- Attachment #1: Type: text/plain, Size: 1332 bytes --]

2010/1/11 Arno Wagner <arno@wagner.name>

> On Sun, Jan 10, 2010 at 10:22:28PM +0100, Fran?ois Chenais wrote:
> > Hello,
> >
> > Actually, dm-crypt uses stdin and file for password input.
> >
> > Is there any plan to add the option of using external
> > gpg/RSA/pkcs#12/pkcs#10 files ?
> >
> > The idea is to use an crypted file stored on an external device (USB KEY,
> > token...)
>
> You can already do that by using a named pipe as file (or stdin)
> and then having a preprocessor that decrypts the encrupted key file
> to this pipe. This is actually the preferred way, as it keeps the
> complexity of cryptsetup low.
>
>
Something like this ?

     openssl pkcs12 -in file.p12 -nodes -nocerts | cryptsetup ...

  François















> Arno
> --
> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
> arno@wagner.name
> GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25
> 338F
> ----
> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
>
> If it's in the news, don't worry about it.  The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

[-- Attachment #2: Type: text/html, Size: 2081 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [dm-crypt] OPENSSL / PKCS#12/10
  2010-01-11 19:13   ` François Chenais
@ 2010-01-11 20:36     ` Arno Wagner
  0 siblings, 0 replies; 4+ messages in thread
From: Arno Wagner @ 2010-01-11 20:36 UTC (permalink / raw)
  To: dm-crypt

On Mon, Jan 11, 2010 at 08:13:40PM +0100, Fran?ois Chenais wrote:
> 2010/1/11 Arno Wagner <arno@wagner.name>
> 
> > On Sun, Jan 10, 2010 at 10:22:28PM +0100, Fran?ois Chenais wrote:
> > > Hello,
> > >
> > > Actually, dm-crypt uses stdin and file for password input.
> > >
> > > Is there any plan to add the option of using external
> > > gpg/RSA/pkcs#12/pkcs#10 files ?
> > >
> > > The idea is to use an crypted file stored on an external device (USB KEY,
> > > token...)
> >
> > You can already do that by using a named pipe as file (or stdin)
> > and then having a preprocessor that decrypts the encrupted key file
> > to this pipe. This is actually the preferred way, as it keeps the
> > complexity of cryptsetup low.
> >
> >
> Something like this ?
> 
>      openssl pkcs12 -in file.p12 -nodes -nocerts | cryptsetup ...
> 
>   Fran?ois
> 

Essentially, yes.

Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-01-11 20:35 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-01-10 21:22 [dm-crypt] OPENSSL / PKCS#12/10 François Chenais
2010-01-11 16:22 ` Arno Wagner
2010-01-11 19:13   ` François Chenais
2010-01-11 20:36     ` Arno Wagner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.