Package: cryptsetup
Version: 2:1.1.0~rc2-1
Severity: wishlist

Hi,

cryptsetup should support decrypting multiple volumes with the same passphrase
and only prompt for it once.

Attached is a script which can be used as a `keyscript'. It prompts for the
passphrase and stores it in a key ring for a short amount of time using Linux's
key retention facility. Further passphrase requests are satisfied from the
stored value without prompting again.

This works quite well, however there are a few problems:
- only works on Linux
- the passphrase is stored for some time and might be exposed (at least
  root can dump the stored passphrase)
- the passphrase is piped between processes and might end up in
  insecure memory and be written to swap

The script contains more detailed documentation.

A better approach would be to add support for this functionality to cryptsetup.
Cryptsetup could then decrypt all volumes that belong to the same group at once
and there would be no need to retain the passphrase. I'm not sure if there would
be problems if the root volume is part of such a group, because then all the
volumes would have to be decrypted at the time the root volume is decrypted,
which happens very early in the boot process.

Until a better solution is found, the attached script could be included in the
package as an example.

Cheers,
harry


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.2-hb (SMP w/1 CPU core)
Locale: LANG=POSIX, LC_CTYPE=de_AT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.39-1 The Linux Kernel Device Mapper use
ii  libc6                        2.10.2-2    GNU C Library: Shared libraries
ii  libdevmapper1.02.1           2:1.02.39-1 The Linux Kernel Device Mapper use
ii  libpopt0                     1.15-1      lib for parsing cmdline parameters
ii  libuuid1                     2.16.2-0    Universally Unique ID library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  dosfstools                    3.0.6-1    utilities for making and checking 
ii  initramfs-tools [linux-initra 0.93.4     tools for generating an initramfs
ii  udev                          149-2      /dev/ and hotplug management daemo

-- no debconf information
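
A sketch of the keyring-caching keyscript described in the report, added here as an example; it is not the script attached to the report. It assumes the third crypttab field (passed as $1) names the volume group, keyctl(1) from keyutils, Debian's /lib/cryptsetup/askpass prompt helper, and root's user keyring (@u) as the store; as the report notes, root can read the cached value back until it expires.

```sh
#!/bin/sh
# Hypothetical cryptsetup keyscript: cache a passphrase in the kernel keyring.
# Assumed crypttab line (the third field is the group name handed to us as $1):
#   crypt1 /dev/sda2 groupA luks,keyscript=/lib/cryptsetup/scripts/keyring-cache
# Volumes sharing the same group name share one cached passphrase.
set -eu

KEYCTL="${KEYCTL:-keyctl}"                              # keyutils CLI
ASKPASS="${ASKPASS:-/lib/cryptsetup/askpass}"           # Debian prompt helper
CACHE_SECONDS="${CACHE_SECONDS:-60}"                    # lifetime of the cached key
KEYRING="@u"   # root's user keyring: root can still dump it while it lives

# Key description derived from the group name.
key_desc() {
    printf 'cryptsetup-group:%s' "$1"
}

# Print the cached passphrase for a group; fail quietly if absent or expired.
cached_passphrase() {
    id=$("$KEYCTL" search "$KEYRING" user "$(key_desc "$1")" 2>/dev/null) || return 1
    "$KEYCTL" pipe "$id"
}

# Prompt once, store the passphrase with a timeout so the kernel discards it,
# then print it for cryptsetup.
prompt_and_cache() {
    pass=$("$ASKPASS" "Enter passphrase for group $1: ")
    id=$(printf '%s' "$pass" | "$KEYCTL" padd user "$(key_desc "$1")" "$KEYRING")
    "$KEYCTL" timeout "$id" "$CACHE_SECONDS" >/dev/null
    printf '%s' "$pass"
}

# First request for a group prompts; later requests within the timeout do not.
get_passphrase() {
    cached_passphrase "$1" || prompt_and_cache "$1"
}

# Act as a keyscript only when invoked with the crypttab key field.
if [ $# -ge 1 ]; then
    get_passphrase "$1"
fi
```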