mhogomchungu / zuluCrypt

zuluCrypt is a front end to cryptsetup and tcplay and it allows easy management of encrypted block devices
https://mhogomchungu.github.io/zuluCrypt

Feature Request: Window for Luks keyslot management #150

Closed GIJack closed 4 years ago

GIJack commented 4 years ago

I have a feature request: a Key Management window under the Volumes sub menu.

What I request:

The main part of the window will be a list of keyslots and information from cryptsetup luksDump. These will be presented as selectable items.

There will be a button to delete specific keys based on the slot selected.

There will be an "add" button that can add to a specific numbered slot, using the dialog from "Add a Key to the volume", but with another field for specifying slot number.

I have a key management scheme that uses numbered unique keys. I will not have access to the key if it is lost or stolen; however, I will know which numbered key is lost, and will be able to remove it from the keyring. Right now this is all on the command line.

It would make the management task a lot easier if this was easily done in the GUI.

mhogomchungu commented 4 years ago

Working on this, but some information in luksDump won't be available because zuluCrypt uses cryptsetup through its library and the information is not exposed through the library API.

mhogomchungu commented 4 years ago

The CLI will produce an output like below and GUI will use the same info:

For LUKS2

```
[ink@localhost ~]$ zuluCrypt-cli -b -b -d luks2.img
Slot Number: 0
Type: luks2
PBKDF type: argon2i
Cipher: aes-xts-plain64
Cipher key: 512 bits
Priority: Normal
Time cost: 0
Memory: 645039
Threads: 4

Slot Number: 1
Type: luks2
PBKDF type: argon2i
Cipher: aes-xts-plain64
Cipher key: 512 bits
Priority: Normal
Time cost: 0
Memory: 650852
Threads: 4

[ink@localhost ~]$
```

For LUKS1

```
[ink@localhost ~]$ zuluCrypt-cli -b -b -d luks1.img
Slot Number: 0
Type: luks1
PBKDF type: pbkdf2
PBKDF hash: sha256
PBKDF iterations: 876734

Slot Number: 1
Type: luks1
PBKDF type: pbkdf2
PBKDF hash: sha256
PBKDF iterations: 879676

[ink@localhost ~]$
```

mhogomchungu commented 4 years ago

The git version now has this feature.

GIJack commented 4 years ago

This does in fact work. However, I do suggest there being an add button directly from the list dialog. Same dialog as now, just add a button from the list.

mhogomchungu commented 4 years ago

Try again. There is now a check box that makes it possible to show/hide inactive key slots, and clicking an inactive key slot will show a menu that can be used to add a key to that specific key slot.

Clicking an active key slot will show a menu that gives an option to delete the key in that specific key slot.

GIJack commented 4 years ago

Ooh, interesting. I am looking at this now. UI looks great. Thanks.

However, there appears to be a slight bug. For some reason I am only able to delete a keyslot with the key in that slot. With my usage model, if I needed to delete a key it

To do this with cryptsetup, you need to use luksKillSlot instead of luksRemoveKey.

mhogomchungu commented 4 years ago

I did not know the behavior of luksKillSlot.

Try now.

The new behavior is as follows:

  1. luksRemoveKey behavior if slot number is NOT given.
  2. luksKillSlot behavior if slot number is given.

GIJack commented 4 years ago

Works. Brilliant. Thanks again for adding this.
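
An added example (not part of the thread or of zuluCrypt's code): for the numbered-key scheme described above, this parses a slot listing in the format quoted earlier and builds the `cryptsetup luksKillSlot` call for a lost key, refusing to remove the last slot. It assumes the listing contains only active slots; `parse_slots`, `plan_revocation` and the device path are hypothetical names.

```python
import re

# Constructed sample in the per-slot format of the CLI output quoted in the thread.
SAMPLE = """\
Slot Number: 0
Type: luks1
PBKDF type: pbkdf2
PBKDF hash: sha256
PBKDF iterations: 876734

Slot Number: 1
Type: luks1
PBKDF type: pbkdf2
PBKDF hash: sha256
PBKDF iterations: 879676
"""

def parse_slots(listing):
    """Return {slot_number: {field: value}} from a blank-line separated listing."""
    slots = {}
    for record in re.split(r"\n\s*\n", listing.strip()):
        fields = {}
        for line in record.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # skip prompt lines and anything without "name: value"
                fields[key.strip()] = value.strip()
        if "Slot Number" in fields:
            slots[int(fields.pop("Slot Number"))] = fields
    return slots

def plan_revocation(listing, lost_slot, device):
    """Return (command, surviving_slots) for revoking lost_slot, or raise ValueError.

    Assumption: every slot present in the listing is an active slot.
    """
    slots = parse_slots(listing)
    if lost_slot not in slots:
        raise ValueError(f"slot {lost_slot} is not listed as active")
    survivors = sorted(s for s in slots if s != lost_slot)
    if not survivors:
        # Destroying the only remaining slot leaves no passphrase that opens the volume.
        raise ValueError("refusing: this is the last active slot")
    # luksKillSlot prompts for a passphrase from a surviving slot, not the lost key.
    return ["cryptsetup", "luksKillSlot", device, str(lost_slot)], survivors
```

The returned list is meant to be reviewed or passed to `subprocess.run` by an operator who holds a passphrase for one of the surviving slots.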