Support for binary keyfiles in crypttab

Thomas Gläßle t_glaessle at gmx.de
Wed Jul 8 14:33:07 PDT 2015


When trying to unlock a device with a crypttab entry, udisksctl asks for
a password. If the keyfile contains binary data, the unlocking will
usually fail no matter what password is entered. If the keyfile contains
a passphrase, the device will be unlocked successfully no matter what
password is entered.

There are at least 3 small parts to this issue:

- udisks doesn't handle binary keyfiles properly (uses NUL-terminated
strings). This will be very easy to fix once the patch for [1] is merged.

- currently udisks always uses the crypttab entry if available. I
suggest a boolean option @use_crypttab or similar that forces udisks to
use only the crypttab entry (if available) and fail otherwise. If set to
false, udisks should always use the password entered by the user. If
unspecified, there are two options: [a] use the current behaviour (=use
crypttab entry if available), or, [b] default to False (which I'd prefer
actually)

- udisksctl needs to check if the device can be unlocked without a
user-supplied password. Using the suggested @use_crypttab option, this
will be easy (and fast) to do.


Note: I'll be happy to work on this once [1] is merged.

[1] https://bugs.freedesktop.org/show_bug.cgi?id=54828
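
The first point above (binary keyfiles handled as NUL-terminated strings), as an added example that is not part of the original post and is not udisks code: it loads the same keyfile bytes once with an explicit length and once through `strlen()`. The type `key_buf`, the function names and the two sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEY_MAX 64

/* Length-aware key buffer (hypothetical type, not a udisks structure). */
struct key_buf { unsigned char data[KEY_MAX]; size_t len; };

/* Constructed keyfile contents: same first 3 bytes, NUL at offset 3, different tails. */
static const unsigned char KEY_A[8] = {0x4b, 0xf1, 0x07, 0x00, 0x9c, 0x22, 0xe0, 0x5a};
static const unsigned char KEY_B[8] = {0x4b, 0xf1, 0x07, 0x00, 0x11, 0x83, 0x6d, 0xc4};

/* Keep the byte count that came with the data. */
int load_binary(const unsigned char *file, size_t n, struct key_buf *out)
{
    if (n > KEY_MAX) return -1;
    memcpy(out->data, file, n);
    out->len = n;
    return 0;
}

/* Recompute the length with strlen(), as code does when it passes the key
 * around as a NUL-terminated string. */
int load_as_cstring(const unsigned char *file, size_t n, struct key_buf *out)
{
    char tmp[KEY_MAX + 1] = {0};          /* zero-filled: strlen() stays in bounds */
    if (n > KEY_MAX) return -1;
    memcpy(tmp, file, n);
    out->len = strlen(tmp);               /* stops at the first 0x00 byte */
    memcpy(out->data, tmp, out->len);
    return 0;
}

int keys_equal(const struct key_buf *a, const struct key_buf *b)
{
    return a->len == b->len && memcmp(a->data, b->data, a->len) == 0;
}

int main(void)
{
    struct key_buf a, b;
    load_as_cstring(KEY_A, sizeof KEY_A, &a);
    load_as_cstring(KEY_B, sizeof KEY_B, &b);
    printf("cstring: len=%zu, A==B: %d\n", a.len, keys_equal(&a, &b));
    load_binary(KEY_A, sizeof KEY_A, &a);
    load_binary(KEY_B, sizeof KEY_B, &b);
    printf("binary:  len=%zu, A==B: %d\n", a.len, keys_equal(&a, &b));
    return 0;
}
```

With the string-based path, the key that reaches the unlock call is only the bytes before the first NUL, so it no longer matches the key enrolled from the full file, and two different keyfiles that share that prefix become indistinguishable.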
