On Tue, Oct 10, 2006 at 11:09:08PM +0200, Stephan Seitz wrote:
On Tue, Oct 10, 2006 at 11:11:02AM +0200, Stephan Seitz wrote:
No, it doesn't work. I'm asked for the password of the key, and then
nothing happens. Using ps I see that the process cryptsetup luksOpen is
in sleeping state doing nothing. But does LUKS work with password form
stdin? The old method is using keyfiles in /tmp IIRC.
Okay, here some more information.
do_luks() in /lib/cryptsetup/cryptdisks.functions expects that the script
defined with keyscript= gives the necessary key via standard out
($KEYSCRIPT $key <&1 | $CRYPTCMD $PARAMS luksOpen $src $dst) while the
script decrypt_ssl writes the encrypted key to an temporary file.
I tried to write the script decrypt_ssl in a way that it sends the key to
standard out but without success. You can't have echo output in the
script because it would be send to the cryptsetup command, so you don't
get any hint that you have to enter the password. I tried it from the
command line with no success either. Maybe the reason is that the key is
a binary key (gen-ssl-key uses /dev/random without converting the result
to base64) and something gets lost in the pipe.
You seem to be working with the source of the latest package
version...this is not a good idea since the scripts have seen a lot of
changes already in SVN. So please take a look at the svn sources if you
want to help out.
PS.
To answer your output problem:
Output which should be visible to the user but not to stdout should
normally be written to /dev/console or /dev/tty
--
David Härdeman
