Create password wrapper over cryptsetup

agherzan / yubikey-full-disk-encryption

Use YubiKey to unlock a LUKS partition

Apache License 2.0

795 stars 50 forks source link

Create password wrapper over cryptsetup #24

Open Vincent43 opened 6 years ago

Vincent43 commented 6 years ago

Currently we support only luksOpen and luksAddKey commands without much customization. It would be better to have universal wrapper over cryptsetup commands which will pass ykfde password to them.

Example:

ykfde-wrapper luksFormat --hash sha256 --iter-time 5000 /dev/sda will execute: cryptsetup luksFormat --hash sha256 --iter-time 5000 /dev/sda and automatically pass ykfde password to it.

stuffo commented 6 years ago

moving the passphrase generation into a library would make this a 1-liner: print_passphrase | cryptsetup $@ even fancier, one could filter $1 and only request YK interaction when required (eg. luksDump does need no passphrase).

with the current structure it would basically mean cloning ykfde-open which doesn't seem very smart from a maintenance POW. are there any plans regarding a library?

Vincent43 commented 6 years ago

There are no any plans currently. I'm just throwing ideas about possible improvements. Personally I would do simple script without dependencies for better portability - one script is all you need. https://git.zx2c4.com/ctmg/about/ is good example.

If someone does library approach instead, I won't oppose.