Use local stored key to manage recovery keys #1

Open
derektamsen opened this issue May 21, 2018 · 0 comments
@derektamsen
Collaborator

luks2crypt should generate and use a local key to manage the escrowed recovery keys. This would allow luks2crypt to not keep a cleartext cached password locally on the host. It would also enable it to rotate passwords on a scheduled basis.

Ex:

  • luks slot 1 would contain a locally generated cert stored in /etc/luks2crypt/adminkey
  • luks slot 2 would contain a recovery key. This would then be escrowed and no local copy would be kept.
  • luks slot 3+ would be used for user keys.

Luks2crypt would then be able to rotate slot 2 at a scheduled interval or with a cli flag.

@derektamsen derektamsen added the enhancement New feature or request label May 21, 2018
@derektamsen derektamsen self-assigned this May 21, 2018
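
The slot 2 rotation proposed in this issue, as an added shell example (not luks2crypt's own code): the new recovery key is escrowed first, then slot 2 is killed and refilled using the admin key file as authorisation. `rotate_recovery_key`, `run`, `ESCROW_CMD` and `DRY_RUN` are hypothetical names, and the issue's slot number 2 is assumed to be passed unchanged as cryptsetup's `--key-slot` value.

```shell
#!/bin/sh
# Added example, not luks2crypt code. Call as: rotate_recovery_key DEVICE
ADMIN_KEY="${ADMIN_KEY:-/etc/luks2crypt/adminkey}"  # path named in the issue
RECOVERY_SLOT="${RECOVERY_SLOT:-2}"                 # assumed cryptsetup slot number
# ESCROW_CMD (hypothetical): reads the new key on stdin and exits 0 only
# once the escrow service has stored it.

# run: execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

rotate_recovery_key() (
    dev="${1:-}"
    [ -n "$dev" ] || { echo "usage: rotate_recovery_key DEVICE" >&2; exit 2; }
    [ -n "${ESCROW_CMD:-}" ] || { echo "ESCROW_CMD is not set" >&2; exit 2; }

    umask 077
    tmpdir=$(mktemp -d) || exit 1   # point TMPDIR at a tmpfs to keep the key off disk
    newkey="$tmpdir/recovery.key"
    rc=1

    # 1. 32 random bytes, base64 without a trailing newline so the key file
    #    and a typed recovery passphrase are byte-identical.
    # 2. Escrow before touching the header: a key that is not escrowed is
    #    never installed.
    # 3. The old recovery key is not on the host, so luksChangeKey is not an
    #    option; kill and re-add slot 2, both authorised by the admin key.
    #    If the add fails, slot 2 stays empty until the add is retried.
    if head -c 32 /dev/urandom | base64 | tr -d '\n' > "$newkey" &&
       sh -c "$ESCROW_CMD" < "$newkey" &&
       run cryptsetup luksKillSlot "$dev" "$RECOVERY_SLOT" \
           --key-file "$ADMIN_KEY" &&
       run cryptsetup luksAddKey "$dev" "$newkey" \
           --key-file "$ADMIN_KEY" --key-slot "$RECOVERY_SLOT"
    then
        rc=0
    fi
    rm -rf "$tmpdir"
    exit "$rc"
)
```

With `DRY_RUN=1` the function prints the two cryptsetup commands instead of running them, which lets the ordering be checked without touching a LUKS header.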