[dm-crypt] LUKS self-destruct key

Andrew list2010 at lunch.za.net
Mon Mar 31 07:17:30 CEST 2014

Greetings dm-crypt folks,

Is it feasable to add a self-destruct password to cryptsetup for LUKS, such that when this password is entered, the decryption code silently and deliberately overwrites all or part of the master key?  

If you are facing an unjust order to produce a working key, having the option to produce a self-destruct key would be helpful in some circumstances.  There are a number of ham-fisted regimes and illegal groups that do not know the difference between decrypting data and running untrusted code.  Destroying the master key would look to these like a simple failed attempt at decryption, and ensure the permanenty destruction of the data that they are seeking.

 + Give us your key
 - I don't remember it
 + Give Us Your Key
 - I really don't remember it
 - I think it's "INITIATE-SELF-DESTRUCT-SEQUENCE" but I'm not sure
 + That didn't work
 - I told you I don't remember

In pseudocode, the decryption would become something like this (based on my probably faulty understanding of LUKS):

    evaluate_password_for_slot(slot) {
	slot_plaintext=decrypt(slot_ciphertext, password);
	/* initiate self_destruct */
	if memcmp(slot_plaintext,SELF_DESTRUCT_PLAINTEXT,sizeof(SELF_DESTRUCT_PLAINTEXT))==0)
	/* self_destruct complete */
	master_key = decrypt(master_ciphertext, slot_key);
	if this_is_a_valid_master_key(master_key) { return E_SUCCESS; }
	return E_FAIL;

Code changes would include:
	Not considering a self-destruct key as a valid remaining key in luksKillSlot
	Front-end code to create a slot as a self-destruct key
	Back-end code to destroy the master key

More information about the dm-crypt mailing list