search for: decrypt_keyctl

On Tuesday, 12 November 2019 19:35:12 CET Richard W.M. Jones wrote: > This allows multiple --key parameters on the command line to match a > single device. This could either be specified as: > > tool --key /dev/sda1:key:trykey1 --key /dev/sda1:key:trykey2 > > which would try "trykey1" and "trykey2" against /dev/sda1. This seems OK for me, so you can

...; Also there's no actual penalty to making this feature available, it's > a natural extension which falls out from the implementation, and it > doesn't affect performance unless the caller adds multiple --key > parameters. It's also how LUKS itself works if you enable > decrypt_keyctl in crypttab. This is not about performance or how LUKS works (which both are irrelevant for libguestfs users), but rather about explicitly specifying a secret only to its target. > > Also, this makes it possible so > > in case of two similar guests like: > > - /dev/sda1 with key...

...at scale), and keys. Also there's no actual penalty to making this feature available, it's a natural extension which falls out from the implementation, and it doesn't affect performance unless the caller adds multiple --key parameters. It's also how LUKS itself works if you enable decrypt_keyctl in crypttab. > Also, this makes it possible so > in case of two similar guests like: > - /dev/sda1 with key "key1", and /dev/sda2 with key "key2" > - /dev/sda1 with key "key2", and /dev/sda2 with key "key1" > the above command like will work i...

Hi Rich and Pino, Commenting after a test. I've installed a RHEL 7 virtual machine with 2 disks, using the graphical installer. During the installation, I selected the 2 disks as well as encryption checkbox. It asked me for only one password. After the installation, when the machine boots, it asks for the password (showing a device UUID) only once. When connected as root, I can see that there