On 11/16/2016 11:47 PM, Ondrej Kozina wrote:
> (Please still consider it to be RFC only, I need to modify the uspace testsuite
> again due to changes in key_string format. Also the changes to dm-crypt documentation
> will follow before final submit. Feature wide I'd consider the patch being complete
> unless any bugs would emerge)
> 
> The kernel key service is a generic way to store keys for the use of
> other subsystems. Currently there is no way to use kernel keys in dm-crypt.
> This patch aims to fix that. Instead of a key, userspace may pass a key
> description with a preceding ':'. So the message that constructs the encryption
> mapping now looks like this:
> 
>   <cipher> [<key>|:<key_string>] <iv_offset> <dev_path> <start> [<#opt_params> <opt_params>]
> 
> where <key_string> is in format: <key_size>:<key_type>:<key_description>
> 
> Currently we only support two elementary key types: 'user' and 'logon'.
> Keys may be loaded in dm-crypt either via <key_string> or using the
> classical method and passing the key in hex representation directly.
>

I think we need to hexify key description too, because it can contain spaces.
<key_size> seems like unnecessary complication. Kernel knows key_size, it doesn't need
that information from userspace.
Handling different types is probably an overkill too. If it works with logon keys,
why would we need to use 'user' keys?

--
dm-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/dm-devel
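
An added example, not code from the patch or from dm-crypt: a userspace C parser for the proposed `:<key_size>:<key_type>:<key_description>` argument, showing what a space in the description does once the table line is split on blanks. `struct key_ref`, `parse_key_string`, `parse_table`, the blank-only splitting and the sample table lines are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for a parsed ":<key_size>:<key_type>:<key_description>". */
struct key_ref { unsigned long size; char type[8]; char desc[64]; };

/* Parse one table argument. Returns 0 on success, -1 if malformed. */
int parse_key_string(const char *arg, struct key_ref *out)
{
    char *end;
    const char *type, *desc;
    size_t tlen;

    /* ':' marks a key_string; require a digit next, strtoul tolerates '+' and blanks. */
    if (arg[0] != ':' || arg[1] < '0' || arg[1] > '9')
        return -1;
    out->size = strtoul(arg + 1, &end, 10);
    type = end + 1;
    if (*end != ':' || out->size == 0 || !(desc = strchr(type, ':')))
        return -1;
    tlen = (size_t)(desc - type);
    desc++;
    /* Only the two key types named in the proposal are accepted. */
    if (!(tlen == 4 && !memcmp(type, "user", 4)) &&
        !(tlen == 5 && !memcmp(type, "logon", 5)))
        return -1;
    /* The rest is the description, further ':' included; it must fit and be non-empty. */
    if (*desc == '\0' || strlen(desc) >= sizeof(out->desc))
        return -1;
    memcpy(out->type, type, tlen);
    out->type[tlen] = '\0';
    strcpy(out->desc, desc);
    return 0;
}

/* Split a constructed table line on blanks and parse argv[1]; returns argc or -1. */
int parse_table(const char *table, struct key_ref *out)
{
    char buf[256], *argv[16];
    int argc = 0;

    if (strlen(table) >= sizeof(buf))
        return -1;
    strcpy(buf, table);
    for (char *t = strtok(buf, " \t"); t && argc < 16; t = strtok(NULL, " \t"))
        argv[argc++] = t;
    return (argc >= 2 && parse_key_string(argv[1], out) == 0) ? argc : -1;
}
```

With a description such as `my volume`, the parser sees only `my` and the table gains a sixth token, so `volume` lands where `<iv_offset>` is expected.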