by gorgoiler
1968 days ago
If LUKS could store a piece of random public data in the LUKS header then LUKS keys could be derived by signing that public data. For example, ssh-agent can sign arbitrary data via its wire protocol. Lots of USB security keys expose their functionality via ssh-agent.

https://tools.ietf.org/html/draft-miller-ssh-agent-04

Does LUKS / cryptsetup provide hooks for deriving a key from a blob of plaintext stored on the disk?

[edit] There’s the UUID — sign it with your ssh-agent and use the hexdigest as a LUKS key. It sounds so simple it must already exist?
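An added sketch of the idea in the comment above, not gorgoiler's code and not part of cryptsetup: it frames the sign request from the linked agent draft, parses the reply, and hashes the signature into a hex passphrase. It rejects signature formats that do not repeat for the same input, since a passphrase that changes on every signing can never unlock the volume again. Assumptions: SHA-256 stands in for "the hexdigest", the function names are hypothetical, and the UUID, key blob and reply are constructed sample values.

```python
import hashlib
import struct

SSH_AGENTC_SIGN_REQUEST = 13   # message numbers from draft-miller-ssh-agent
SSH_AGENT_SIGN_RESPONSE = 14
# Formats whose signatures repeat for the same key and data. ECDSA (randomised
# nonce) and sk-* FIDO keys (signed counter) do not, so they cannot work here.
DETERMINISTIC = {b"ssh-ed25519", b"ssh-rsa", b"rsa-sha2-256", b"rsa-sha2-512"}

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Return (value, next_offset) for the SSH string starting at off."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:end], end

def sign_request(key_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Frame a sign request: uint32 length, type byte, key, data, flags."""
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", flags))
    return ssh_string(body)

def passphrase_from_response(frame: bytes) -> str:
    """Check the agent's reply and hash the signature into a hex passphrase."""
    body, _ = read_string(frame, 0)
    if not body or body[0] != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError("agent did not return a signature")
    signature, _ = read_string(body, 1)
    fmt, _ = read_string(signature, 0)   # signature = string format, string blob
    if fmt not in DETERMINISTIC:
        raise ValueError(f"non-repeatable signature format: {fmt!r}")
    return hashlib.sha256(signature).hexdigest()

# Constructed sample values, not from a real disk or agent.
UUID = b"00000000-0000-4000-8000-000000000000"
KEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SIG = ssh_string(b"ssh-ed25519") + ssh_string(bytes(64))
REPLY = ssh_string(bytes([SSH_AGENT_SIGN_RESPONSE]) + ssh_string(SIG))

if __name__ == "__main__":
    print(sign_request(KEY_BLOB, UUID).hex())
    print(passphrase_from_response(REPLY))
```

Against a live agent, the request frame would be written to the socket named by `SSH_AUTH_SOCK` and the reply read back from it.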