* [dm-crypt] Creating a LUKS container with a pre-made Argon hash
From: Misha Gusarov @ 2020-12-11 23:07 UTC
To: dm-crypt
Hello.

I'm trying to do an unattended rollout of Linux installations with FDE
set up. I would like to avoid storing credentials in the configuration
repository though.

Is there a way to pass a pre-made Argon password hash to cryptsetup to
use to generate a new master key, or is the plaintext password needed
for this operation?

Best,
Misha.
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
https://www.saout.de/mailman/listinfo/dm-crypt
* Re: [dm-crypt] Creating a LUKS container with a pre-made Argon hash
From: Milan Broz @ 2020-12-22 13:42 UTC
To: Misha Gusarov, dm-crypt
On 12/12/2020 00:07, Misha Gusarov wrote:
> I'm trying to do an unattended rollout of Linux installations with FDE
> set up.
> I would like to avoid storing credentials in the configuration
> repository though.
>
> Is there a way to pass a pre-made Argon password hash to cryptsetup to
> use to generate a new master key, or is the plaintext password needed
> for this operation?

No, there is no such function.

Not sure if I understand this use case, but you cannot regenerate
the master (volume) key without providing input that unlocks the keyslot
that stores that key. (Or you need to provide the whole binary
keyslot area.)

But you can later regenerate the volume key with the reencrypt command.
(Some deployed systems call this during first boot.)

Milan
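
The first-boot re-key mentioned in the reply above, as an added example that is not part of the original thread or of cryptsetup itself. It assumes a LUKS2 volume imaged with a single keyslot unlocked by a throwaway provisioning key file, and a per-machine key delivered out of band; the device path, the key-file paths and the helper names `run` and `rekey_first_boot` are hypothetical.

```shell
#!/bin/sh
# Added example: first-boot re-key of a LUKS2 volume that was imaged with a
# throwaway provisioning key. All paths below are assumptions, not from the thread.
DEV="${DEV:-/dev/sdX2}"                      # placeholder LUKS2 device
OLD_KEY="${OLD_KEY:-/run/provision.key}"     # key file baked into the image
NEW_KEY="${NEW_KEY:-/run/machine.key}"       # per-machine secret delivered out of band
DRY_RUN="${DRY_RUN:-1}"                      # default: print the plan, change nothing

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

rekey_first_boot() {
    # Refuse to touch anything that is not a LUKS2 header.
    run cryptsetup isLuks --type luks2 "$DEV" || return 1
    # Generate a new volume key and re-encrypt the data with it. Anyone holding
    # a copy of the image header plus the provisioning key could recover the old
    # volume key, so changing the passphrase alone would not be enough.
    run cryptsetup reencrypt --batch-mode --key-file "$OLD_KEY" "$DEV" || return 1
    # Re-wrap the keyslot: unlock with the provisioning key, store the new one.
    run cryptsetup luksChangeKey --batch-mode --key-file "$OLD_KEY" "$DEV" "$NEW_KEY" || return 1
    # With a single keyslot the provisioning key now unlocks nothing; drop the copy.
    run rm -f "$OLD_KEY"
}

# Run only on explicit opt-in, e.g.: DRY_RUN=0 DEV=/dev/... sh rekey.sh --apply
if [ "${1:-}" = "--apply" ]; then rekey_first_boot; fi
```

Run it once with the default `DRY_RUN=1` to review the printed plan before letting it touch a device.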