[dm-crypt] passkey over network

.. ink .. mhogomchungu at gmail.com
Mon Jul 1 00:55:16 CEST 2013


> Hi guys, I want to create a map to my crypted disk
> but, instead of putting the passkey every time, or using a pkcs11 (smart
> card), I want to get the passkey from an external server via network
> in other words:
>
> 1) place a new hard disk
> 2) setup dm-crypt over disk
> 3) mount disk using an external server like "
> https://www.host.com/get_passkey.php?UUID=xxxxx"
>
> Anyone done something like it? Or near it? Maybe I'm talking about
> something that already exists
>
>
I think the proper steps would be
1. identify a LUKS based encrypted volume you want to unlock.
2. get the UUID of the encrypted volume
3. securely get the key mapped to the UUID from another computer over the network
4. use the key to unlock the volume
5. mount the unlocked volume
6. ????
7. profit!!!

I have a project[1] that interfaces with cryptsetup and it has a plugin
architecture and can do the above when a plugin with the functionality is
written. Source code for a plugin that gets a key from gnome-keyring is
here[1] so the plugin interface is simple enough. I envisioned making a
plugin that does what you are thinking but never made one since I do not
have a personal use case for it and nobody asked for it.

[1] http://code.google.com/p/zulucrypt/
[2] http://code.google.com/p/zulucrypt/source/browse/plugins/keyring/keyring.c
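
Steps 1 to 5 of the reply as a shell sketch, added here as an example; it is not part of the original message and is not zuluCrypt code. Assumptions: the server URL is the placeholder from the question, the certificate paths and function names are hypothetical, and the server returns the raw key bytes as the response body and authenticates clients by TLS client certificate.

```shell
#!/bin/sh
# Added example: fetch a LUKS key by volume UUID over mutually
# authenticated TLS and unlock the volume without writing the key to disk.

KEY_SERVER_URL="${KEY_SERVER_URL:-https://www.host.com/get_passkey.php}"
CLIENT_CERT="${CLIENT_CERT:-/etc/keyfetch/client.crt}"   # hypothetical path
CLIENT_KEY="${CLIENT_KEY:-/etc/keyfetch/client.key}"     # hypothetical path
CA_CERT="${CA_CERT:-/etc/keyfetch/ca.crt}"               # hypothetical path

# The UUID goes into a URL, so accept only the canonical 8-4-4-4-12 hex form.
valid_uuid() {
    case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" |
        grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# Build the request URL; fails without output for a malformed UUID.
key_url() {
    valid_uuid "$1" || return 1
    printf '%s?UUID=%s\n' "$KEY_SERVER_URL" "$1"
}

# The UUID is readable from the LUKS header by anyone holding the disk, so it
# identifies the volume but must not authorize the request: the client
# certificate does that. HTTPS only, explicit CA, fail on any HTTP error.
fetch_key() {
    url=$(key_url "$1") || return 1
    curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
         --max-time 10 --cacert "$CA_CERT" \
         --cert "$CLIENT_CERT" --key "$CLIENT_KEY" "$url"
}

# Steps 1-5 of the reply: device -> UUID -> key -> unlock -> mount.
unlock_volume() {   # usage: unlock_volume /dev/sdX1 mapper_name /mnt/point
    uuid=$(cryptsetup luksUUID "$1") || return 1
    # --key-file=- reads the whole of stdin as the key, newlines included,
    # so the server must send exactly the bytes stored in the keyslot.
    fetch_key "$uuid" | cryptsetup open --type luks --key-file=- "$1" "$2" \
        || return 1
    mount "/dev/mapper/$2" "$3"
}
```
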