[dm-crypt] PKCS#11 support in cryptsetup

Milan Broz gmazyland at gmail.com
Sun May 15 19:48:01 CEST 2016

On 05/07/2016 09:03 AM, Johanna A wrote:

> In a comment to the last pull request I suggest adding pkcs#11 support
> in cryptsetup in a similar way as to how keyfiles are handled. In a
> way keyfiles and pkcs#11 data objects are quite similar. Both are
> accessiable via an URI (https://tools.ietf.org/html/rfc7512), both can
> be read depending on size or until EOF.


in new version of LUKS we plan to add some kind of token
support (at least to store some metadata inside LUKS to identify what
token can open particular keyslots and that token will contain
data to open particular keyslot).

Anyway, PKCS#11 is one of example I would like to see to be tested
from the beginning.
What library it should use is another question.

It would be nice if you can create "feature request" issue on cryptsetup
gitlab page (https://gitlab.com/cryptsetup/cryptsetup/issues)
and link your code (and possibly previous discussion) there.

We will return to that later (in guess in 1-2 months, unfortunately...) and
I update the issue there once this happens.


More information about the dm-crypt mailing list