therealromster / cryptsetup

Automatically exported from code.google.com/p/cryptsetup
GNU General Public License v2.0
0 stars 0 forks source link

Feature Request: Open multiple devices in one step #215

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi, 

this is not a bug report, but a feature request for a small but important 
improvement: 

cryptsetup luksOpen <device> <name>

can only open one device at a time. This means that you have to enter the 
password repeatedly if several devices with the same password need to be 
opened. This is sometimes required, e.g. if you have swap and /root encrypted, 
but don't want to use LVM to avoid wasting disk space (e.g. because limited 
space on a SSD). 

Another reason is that the linux kernel raid is not really recommended for 
large disks (2 or 4 TB), because disks in this size cannot be built without 
read errors due to the size and error probability. Therefore it is state of the 
art to use file systems which use multiple redundant disks instead, like BTRFS 
oder ZFS. Since none of these filesystems supports encryption (zfs has 
encryption for Solaris, but not for Linux), it requires to encrypt all disks 
used for these file systems. Since both disks have the same content, it does 
not make sense to use different passwords, and since the kernel detects the 
decrypted devmapper devices as soon as they appear, it makes sense to keep the 
time between decrypting the disks as short as possible, to have them appear 
synchroneously. 

It therefore would make sense to have something like

cryptsetup luksOpen <device> <name> <device> <name> ...

with an arbirtrary number of device/name pairs, 
which takes an entered password to open all devices where the password fits 
(and keeps asking until all are opened), and have the decrypted devices appear 
as mapper devices together once all devices were successfully encrypted, i.e. 
to have all disks of a raid file system appear as synchroneously as possible.

Should be easy to implement. 

regards
Hadmut

Original issue reported on code.google.com by had...@googlemail.com on 11 May 2014 at 6:46

GoogleCodeExporter commented 9 years ago
I am not sure if it is good idea... usually multiple crypt devices are opened 
through some init system (which parses /etc/crypttab) and which also caches 
passwords (and I think people are using it similar to your use case).

Original comment by gmazyl...@gmail.com on 18 May 2014 at 9:14