Commit 7d7a4f3b authored by Janek Bevendorff

Read CryFS password from kernel keyring

parent e18bb64a
......@@ -24,6 +24,7 @@ shift
# Define command line arguments and parse them.
if [ "$CMD" == "issue" ]; then
DEFINE_string "cryfs_dir" "" "CryFS base dir containing the encrypted certificates." "d"
DEFINE_integer "keyring_id" "-1" "Retrieve given CryFS decryption key from kernel keyring" "k"
DEFINE_string "root_cn" "" "CN of the root certificate for signing (optional)" "r"
DEFINE_string "type" "client" "Certificate type (client | server | ca)" "t"
DEFINE_string "common_name" "" "Common Name (CN) for the certificate (e.g., username)" "c"
......@@ -100,7 +101,13 @@ mount_cryfs() {
logInfo "Mounting CryFS..."
mkdir -p "$2"
if ! cryfs "$1" "$2" >&2; then
echo keyctl pipe $FLAGS_keyring_id >&2
if [ $FLAGS_keyring_id -ne -1 ]; then
< <(keyctl pipe $FLAGS_keyring_id 2>&1) cryfs "$1" "$2" >&2
else
cryfs "$1" "$2" >&2
fi
if [ $? -ne 0 ]; then
logError "Failed to mount CryFS volume!"
cleanup "$2"
exit 1
......
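Review bot: In the keyring branch of mount_cryfs, the `2>&1` inside the process substitution sends keyctl's error output to cryfs's stdin, so when the key is missing, expired or unreadable the error text is offered to cryfs as the password instead of reaching the log. Dropping the redirect and quoting the id keeps the two streams apart: `cryfs "$1" "$2" < <(keyctl pipe "$FLAGS_keyring_id") >&2`, with `[ "$FLAGS_keyring_id" -ne -1 ]` as the test. The `echo keyctl pipe $FLAGS_keyring_id >&2` line above it looks like leftover debugging and could be removed. The page has lost its +/- column, so it is unclear whether the earlier `if ! cryfs "$1" "$2" >&2; then` line survives on the new side; if it does, cryfs is tried once without the key before the keyring path runs. mount_cryfs starts and ends outside the hunk.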