[dm-crypt] OPENSSL / PKCS#12/10

François Chenais francois.chenais at gmail.com
Mon Jan 11 20:13:40 CET 2010


2010/1/11 Arno Wagner <arno at wagner.name>

> On Sun, Jan 10, 2010 at 10:22:28PM +0100, Fran?ois Chenais wrote:
> > Hello,
> >
> > Actually, dm-crypt uses stdin and file for password input.
> >
> > Is there any plan to add the option of using external
> > gpg/RSA/pkcs#12/pkcs#10 files ?
> >
> > The idea is to use an crypted file stored on an external device (USB KEY,
> > token...)
>
> You can already do that by using a named pipe as file (or stdin)
> and then having a preprocessor that decrypts the encrupted key file
> to this pipe. This is actually the preferred way, as it keeps the
> complexity of cryptsetup low.
>
>
Something like this ?

     openssl pkcs12 -in file.p12 -nodes -nocerts | cryptsetup ...

  François















> Arno
> --
> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
> arno at wagner.name
> GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25
> 338F
> ----
> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
>
> If it's in the news, don't worry about it.  The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20100111/f06ee0ce/attachment.html>


More information about the dm-crypt mailing list