* [dm-crypt] Creating a LUKS container with a pre-made Argon hash @ 2020-12-11 23:07 Misha Gusarov 2020-12-11 23:07 ` Misha Gusarov 2020-12-22 13:42 ` Milan Broz 0 siblings, 2 replies; 3+ messages in thread From: Misha Gusarov @ 2020-12-11 23:07 UTC (permalink / raw) To: dm-crypt Hello. I'm trying to do an unattended rollout of Linux installations with FDE set up. I would like to avoid storing credentials in the configuration repository though. Is there a way to pass a pre-made Argon password hash to cryptsetup to use to generate a new master key, or is the plaintext password needed for this operation? Best, Misha. ^ permalink raw reply [flat|nested] 3+ messages in thread
* [dm-crypt] Creating a LUKS container with a pre-made Argon hash 2020-12-11 23:07 [dm-crypt] Creating a LUKS container with a pre-made Argon hash Misha Gusarov @ 2020-12-11 23:07 ` Misha Gusarov 2020-12-22 13:42 ` Milan Broz 1 sibling, 0 replies; 3+ messages in thread From: Misha Gusarov @ 2020-12-11 23:07 UTC (permalink / raw) To: dm-crypt Hello. I'm trying to do an unattended rollout of Linux installations with FDE set up. I would like to avoid storing credentials in the configuration repository though. Is there a way to pass a pre-made Argon password hash to cryptsetup to use to generate a new master key, or is the plaintext password needed for this operation? Best, Misha. _______________________________________________ dm-crypt mailing list dm-crypt@saout.de https://www.saout.de/mailman/listinfo/dm-crypt ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] Creating a LUKS container with a pre-made Argon hash 2020-12-11 23:07 [dm-crypt] Creating a LUKS container with a pre-made Argon hash Misha Gusarov 2020-12-11 23:07 ` Misha Gusarov @ 2020-12-22 13:42 ` Milan Broz 1 sibling, 0 replies; 3+ messages in thread From: Milan Broz @ 2020-12-22 13:42 UTC (permalink / raw) To: Misha Gusarov, dm-crypt On 12/12/2020 00:07, Misha Gusarov wrote: > I'm trying to do an unattended rollout of Linux installations with FDE > set up. > I would like to avoid storing credentials in the configuration > repository though. > > Is there a way to pass a pre-made Argon password hash to cryptsetup to > use to > generate a new master key, or is the plaintext password needed for this > operation? No, there is no such function. Not sure if I understand this use case, but you cannot regenerate master (volume) key without providing input that unlocks keyslot that stores that key. (Or you need to provide the whole binary keyslot area). But you can later regenerate volume key with reencrypt command. (Some deployed systems call this during first boot.) Milan _______________________________________________ dm-crypt mailing list dm-crypt@saout.de https://www.saout.de/mailman/listinfo/dm-crypt ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-12-22 13:43 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-12-11 23:07 [dm-crypt] Creating a LUKS container with a pre-made Argon hash Misha Gusarov 2020-12-11 23:07 ` Misha Gusarov 2020-12-22 13:42 ` Milan Broz
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).