[dm-crypt] passkey over network

Roberto Spadim roberto at spadim.com.br
Mon Jul 1 01:53:21 CEST 2013


In my case it's a server, anywhere in the world, and the HTTPS server
that will send the key is a server in my house or somewhere where I can
'block'/'unblock' the server.
In other words, other servers can only use the disk if I say what the
passkey is; without my passkey no mount exists.

I will read your links and understand what could be done.
Any other ideas?


2013/6/30 .. ink .. <mhogomchungu at gmail.com>

>
>
>> Hi guys, I want to create a map to my encrypted disk
>> but, instead of putting in the passkey every time, or using a pkcs11 (smart
>> card), I want to get the passkey from an external server via the network.
>> In other words:
>>
>> 1) place a new hard disk
>> 2) set up dm-crypt over the disk
>> 3) mount the disk using an external server like
>> "https://www.host.com/get_passkey.php?UUID=xxxxx"
>>
>> Has anyone done something like it, or near it? Maybe I'm talking about
>> something that already exists.
>>
>>
> I think the proper steps would be
> 1. identify a LUKS based encrypted volume you want to unlock.
> 2. get the UUID of the encrypted volume
> 3. securely get the key mapped to the UUID from another computer over the
> network
> 4. use the key to unlock the volume
> 5. mount the unlocked volume
> 6. ????
> 7. profit!!!
>
> I have a project[1] that interfaces with cryptsetup. It has a plugin
> architecture and can do the above once a plugin with the functionality is
> written. Source code for a plugin that gets a key from gnome-keyring is
> here[2], so the plugin interface is simple enough. I envisioned making a
> plugin that does what you are thinking of but never made one, since I do not
> have a personal use case for it and nobody asked for it.
>
> [1] http://code.google.com/p/zulucrypt/
> [2] http://code.google.com/p/zulucrypt/source/browse/plugins/keyring/keyring.c
>
>
>


-- 
Roberto Spadim
SPAEmpresarial
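
The flow discussed in this thread (read the LUKS UUID, fetch the key for that UUID over HTTPS, unlock, mount), written as a shell script. This is an added example, not code from the original messages or from zuluCrypt; the URL is the placeholder from the thread, and the certificate paths and the use of a TLS client certificate to authenticate the requesting server are assumptions.

```shell
#!/bin/sh
# Added example. KEY_URL is the placeholder from the thread; the three
# certificate paths below are assumed locations, adjust to your setup.
KEY_URL="https://www.host.com/get_passkey.php"
CA_FILE="/etc/luks-remote/ca.pem"          # CA that signed the key server's cert
CLIENT_CERT="/etc/luks-remote/client.pem"  # identifies this machine to the key server
CLIENT_KEY="/etc/luks-remote/client.key"

# Accept only a canonical 8-4-4-4-12 hex UUID, so nothing else reaches the URL.
is_uuid() {
    case $1 in *[!0-9a-fA-F-]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Write the key bytes for UUID $1 to stdout. HTTPS only, server certificate
# checked against CA_FILE, client certificate presented. A UUID alone is not
# a secret, so the server must decide based on the client certificate.
fetch_key() {
    curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
         --max-time 15 --cacert "$CA_FILE" \
         --cert "$CLIENT_CERT" --key "$CLIENT_KEY" \
         --get --data-urlencode "UUID=$1" "$KEY_URL"
}

# usage: unlock_remote <device> <mapper-name> <mountpoint>
unlock_remote() {
    dev=$1; name=$2; mnt=$3
    uuid=$(cryptsetup luksUUID "$dev") || { echo "not LUKS: $dev" >&2; return 1; }
    is_uuid "$uuid" || { echo "unexpected UUID: $uuid" >&2; return 1; }
    # The key goes straight from curl into cryptsetup and is never written to
    # disk. With --key-file=- every byte counts, including a trailing newline,
    # so the server must return exactly the key. If curl fails it prints
    # nothing, cryptsetup sees an empty key, and the unlock fails.
    fetch_key "$uuid" |
        cryptsetup open --type luks --key-file=- "$dev" "$name" || return 1
    mount "/dev/mapper/$name" "$mnt"
}

if [ "$#" -eq 3 ]; then
    unlock_remote "$@"
fi
```

"Blocking" a server, as described in the message above, then amounts to having the key server refuse that server's client certificate; a volume that is already open stays open until it is closed or the machine reboots.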