On Tue, Oct 10, 2006 at 11:11:02AM +0200, Stephan Seitz wrote:
No, it doesn't work. I'm asked for the password of the key, and then nothing happens. Using ps I see that the process cryptsetup luksOpen is in sleeping state doing nothing. But does LUKS work with password form stdin? The old method is using keyfiles in /tmp IIRC.
Okay, here some more information.do_luks() in /lib/cryptsetup/cryptdisks.functions expects that the script defined with keyscript= gives the necessary key via standard out ($KEYSCRIPT $key <&1 | $CRYPTCMD $PARAMS luksOpen $src $dst) while the script decrypt_ssl writes the encrypted key to an temporary file.
I tried to write the script decrypt_ssl in a way that it sends the key to standard out but without success. You can't have echo output in the script because it would be send to the cryptsetup command, so you don't get any hint that you have to enter the password. I tried it from the command line with no success either. Maybe the reason is that the key is a binary key (gen-ssl-key uses /dev/random without converting the result to base64) and something gets lost in the pipe.
Shade and sweet water!
Stephan
--
| Stephan Seitz E-Mail: [EMAIL PROTECTED] |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |
signature.asc
Description: Digital signature
