[dm-crypt] LUKS2 resizing

Andrius Štikonas andrius at stikonas.eu
Thu Dec 14 20:22:03 CET 2017


Hi,

I don't think --ask-always option would be necessary...  I think cryptsetup status is more than enough.
I have to do some screen scrubbing in other places too, e.g. new file system (and version version) detection
code now screen scrubs "udevadm info --query property" to detect whether e.g. it is LUKS1 or LUKS2 or even FAT12.

Actually, do I even need cryptsetup status KDE Partitition Manager only allows resizing unlocked LUKS volumes
(so that internal file system can also be resized). So if I understand correctly it will never ask for passphrase in LUKS1
case but it will always ask in LUKS2 case.

Andrius

2017 m. gruodžio 14 d., ketvirtadienis 10:23:21 GMT rašėte:
> On 12/13/2017 07:05 PM, Andrius Štikonas wrote:
> 
> > Exit code status should be fine for me. I'll just check for it to be 0. I can't really
> > use libcryptsetup anyway, I need to use cryptsetup executable as
> > KDE Partition Manager is a GUI app and linking to libcryptsetup would
> > require the whole app to be running as root which is a security issue for
> > GUI apps.
> 
> I see.
> 
> Well, you may either detect volume key was passed via kernel keyring to 
> dm-crypt by following command: cryptsetup status <name>
> 
> It prints usual status information together with line:
> "key location: keyring". If you see such line you know cryptsetup
> resize will ask for passphrase. But yes, it's screen scrubbing, not 
> comfortable.
> 
> Or, we may implement option --ask-always (or similar) and cryptsetup 
> resize will ask always for the passphrase to verify (and also load) 
> volume key during resize operation.
> 
> Would it help?
> 
> Also do you mind if I repost this e-mail back to mail list so that 
> others see my answer?
> 
> O.
> 
> 


-- 
I encourage the use of end to end email encryption

GPG key:   https://stikonas.eu/andrius.asc
Fingerprint:  1EE5 A320 5904 BAA2 B88C 0A9D 24FD 3194 0095 C0E1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20171214/d0c9d258/attachment.asc>


More information about the dm-crypt mailing list