[systemd-devel] [PATCH] cryptsetup: add keyfile-offset= support
Tom Gundersen
teg at jklm.no
Mon Jul 9 10:03:23 PDT 2012
On Mon, Jul 9, 2012 at 4:28 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Mon, 09.07.12 11:02, Matthew Monaco (dgbaley27 at 0x01b.net) wrote:
>
>> On 07/09/2012 10:51 AM, Lennart Poettering wrote:
>> > On Fri, 29.06.12 13:40, Tom Gundersen (teg at jklm.no) wrote:
>> >
>> >> This is useful if your keyfile is a block device, and you want to
>> >> use a specific part of it, such as an area between the MBR and the
>> >> first partition.
>> >>
>> >> This feature is documented in the Arch wiki[0], and has been supported
>> >> by the Arch initscripts, so would be nice to get this into systemd.
>> >
>> > Hmm, I am not opposed to merge this, but before I do: I am a bit puzzled
>> > what the usecase for this is -- why would you store the key like this?
>> > Kinda defeats the purpose of encryption, no?
>>
>> It's no different than storing your key as a file (on a USB key) except there's
>> a little added obfuscation. Also, it's simpler (imo); you don't have to wait for
>> a FS to be mounted when unlocking your dm-crypt device.
>
> Ah, so this is about storing the key on a different disk then the one to
> decrypt. Didn't get that part, I see.
So does it look ok? Should I resubmit with a better explanation?
Cheers,
Tom
More information about the systemd-devel
mailing list