On Sun, 23 Dec 2018 at 04:19:45 +0100, Guilhem Moulin wrote: > If your encrypted disk image is in LUKS2 format (otherwise upgrade from > LUKS1 possible) you can also get away without workaround if you don't > mind re-enabling systemd-cryptsetup-generator(8). First you need to add > a keyring token for that device: > > cryptsetup token add --key-slot 0 --key-description cryptkey-c1 > /home/me/luks/some.img > > (The “cryptkey-” prefix in the key description comes from > decrypt_keyctl, but is currently undocumented. If it ever changes you'd > be prompted for the passphrase — something which anyway will happen if > the key expires before all devices have been opened — but I guess we > could just document the prefix.) > > Then with a “simple” crypttab(5) entry (without keyscript) > > some_img /home/me/luks/some.img none luks > > systemd should be able to open the device in an unattended fashion, if > one of the devices unlocked earlier (at initramfs stage) have ‘c1’ as > third column ‘keyscript=decrypt_keyctl’ in the crypttab(5) option column. > Cf. https://gitlab.com/cryptsetup/cryptsetup/blob/master/docs/Keyring.txt > for details.
Oops apologies, this is pretty much totally wrong. I should have spawned a test VM before sending these suggestions… Native LUKS2 auto-activation via token keyring might come in due time in systemd, but as of v240 there is no mention of crypt_activate_by_token(). That's not how systemd-ask-password(1) or systemd-cryptsetup(1) use the kernel keyring currently. AFAICT, when systemd tries to open a LUKS device, it starts by searching in the user keyring for a key named “cryptsetup”. If found, the content is interpreted as a NUL-delimited list of passphrases, each one being successfully tried against the device to open. At this point, if the device is still locked, the user is prompted for the passphrase until the device opens, or until the maximum number of tries exceeds; moreover each passphrase entered (whether it's valid or not) is appended to the NUL-delimited list contained in the key named “cryptsetup”. However I'm personally extremely reluctant to adopt such logic in src:cryptsetup (for instance in cryptdisks_start(8) or in our initramfs scripts), because 1/ splitting on NUL bytes breaks binary passphrases, which are currently allowed through askpass' passfifo; and 2/ successively trying each passphrase previously entered is a waste of time and resources, especially with modern PBKDFs. (That said, on systems where these drawbacks are acceptable, it's easy to modify or duplicate decrypt_keyctl and change the key name to “cryptsetup”; and probably harder to split the content on NUL bytes and try each passphrase successfully.) Using crypt_activate_by_token() in systemd is definitely the way forward for LUKS2. The two logics can even co-exist. I'll see if I can provide a patch, or at least file a bug. -- Guilhem.
signature.asc
Description: PGP signature
