[dm-crypt] Two Factor Authentication With LUKS

Arno Wagner arno at wagner.name
Tue Jun 17 20:11:45 CEST 2014


No. cryptsetup does not know or understadnm tokens. You can 
read the passprase from stdin (see man-page) and thereby construct
a wrapper involwing another software you have to supply that can
deal with a token. 

But you should know than an RSA token does not provide any secret 
when used to authenticate. It proves that it knows a secret, but 
that secret is not transferred. Hence an RSA token is not suitable
for use with disk encryption. 

Arno

On Tue, Jun 17, 2014 at 15:47:52 CEST, marcos marrero wrote:
> Good Morning,
> 
> Is there any way that I LUKS can be edited where it allows a token +
> password in order to decrypt the data?  Everything that I find has to do
> with a key file and I dont want to use a key file I want to use a token
> (like an RSA token or google authenticator ) + password.  Can you please
> guide me in the right direction.   
>  
> Very Respectfully,
> 
> 
> JR.

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato


More information about the dm-crypt mailing list