[dm-crypt] Quorum system on decryption passphrase

Milan Broz gmazyland at gmail.com
Wed Mar 30 18:27:55 CEST 2016


On 03/30/2016 03:18 PM, Fernando D. Pedemonte wrote:
> Dear List
> 
> I am trying to setup an encrypted partition, and I requiere 2 people of 3 putting a pass-phrase to unlock the device.
> Is there any way that I can setup in the system to require keys in two different slots to unlock the device?

If you mean something like Shamir's secret sharing (you need N of M parts to unlock the key),
LUKS doesn't provide this directly, but Clevis/Tang project is going this way (in development).
See end of slides from DevConf - http://slides.com/npmccallum/devconf16#/35
(Not usable yet but good to know about it :-)

Milan


More information about the dm-crypt mailing list