[dm-crypt] OPENSSL / PKCS#12/10

Arno Wagner arno at wagner.name
Mon Jan 11 17:22:40 CET 2010

On Sun, Jan 10, 2010 at 10:22:28PM +0100, Fran?ois Chenais wrote:
> Hello,
> Actually, dm-crypt uses stdin and file for password input.
> Is there any plan to add the option of using external
> gpg/RSA/pkcs#12/pkcs#10 files ?
> The idea is to use an crypted file stored on an external device (USB KEY,
> token...)

You can already do that by using a named pipe as file (or stdin)
and then having a preprocessor that decrypts the encrupted key file
to this pipe. This is actually the preferred way, as it keeps the 
complexity of cryptsetup low.

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list