On Thu, Feb 25, 2010 at 10:22 PM, Li, Yan I <[email protected]> wrote: > On Fri, Feb 26, 2010 at 11:43:27AM +0800, Dustin Kirkland wrote: >> You mean, with either one of two keys being valid? Or requiring two >> sequential keys to be entered? > > Either one. > >> Given your Moblin association, I'm guessing you're looking for >> something like a wrapped-passphrase that can be unlocked using either >> a standard login password or a 4-digit PIN or something? > > Yeah, right. Should be something like that. > >> If so, I think the way forward would be to support a list of >> wrapped-passphrase* files, where the relevant ecryptfs tools gather a >> list of wrapper-passphrase*, and sequentially try to unwrap each until >> a success happens. > > Exactly. Does such an infrastructure exist? Or maybe I can start to > write one.
No, none exists yet. Let's discuss it a bit more, make sure we agree on a design. I'd also like to get Tyler's opinion on it. The functions that deal with the wrapped-passphrase file are relatively few. We could support a glob-type interface reasonably easily. I'm just not sure of the security of doing so. I guess we'd need to know a little more about the use case, if possible. > BTW, does this has anything to do with PKCS#11 support? Hmm, not that I know of. It's more of a token interface. Like a fingerprint reader that produces an authentication token. :-Dustin _______________________________________________ Mailing list: https://launchpad.net/~ecryptfs-users Post to : [email protected] Unsubscribe : https://launchpad.net/~ecryptfs-users More help : https://help.launchpad.net/ListHelp
