yubikey-full-disk-encryption icon indicating copy to clipboard operation
yubikey-full-disk-encryption copied to clipboard

Published 20 hours ago verified publisher icon agherzan

Create password wrapper over cryptsetup

Open Vincent43 opened this issue 7 years ago • 2 comments
trafficstars

Currently we support only luksOpen and luksAddKey commands without much customization. It would be better to have universal wrapper over cryptsetup commands which will pass ykfde password to them.

Example:

ykfde-wrapper luksFormat --hash sha256 --iter-time 5000 /dev/sda will execute: cryptsetup luksFormat --hash sha256 --iter-time 5000 /dev/sda and automatically pass ykfde password to it.

Vincent43 avatar Feb 12 '18 10:02 Vincent43

moving the passphrase generation into a library would make this a 1-liner: print_passphrase | cryptsetup $@ even fancier, one could filter $1 and only request YK interaction when required (eg. luksDump does need no passphrase).

with the current structure it would basically mean cloning ykfde-open which doesn't seem very smart from a maintenance POW. are there any plans regarding a library?

stuffo avatar Feb 12 '18 22:02 stuffo

There are no any plans currently. I'm just throwing ideas about possible improvements. Personally I would do simple script without dependencies for better portability - one script is all you need. https://git.zx2c4.com/ctmg/about/ is good example.

If someone does library approach instead, I won't oppose.

Vincent43 avatar Feb 12 '18 23:02 Vincent43