authorAndrew Cady <d@jerkface.net>2017-03-26 23:08:20 -0400
committerAndrew Cady <d@jerkface.net>2017-03-28 09:19:06 -0400
commit49f70f198a0bd1b72ae05b76ba8c2a013aa9ec5b (patch)
tree8a8d1aef853ac942096944cf424191e1342e1dea
parent3af02e032f39ba16c3f8de2e606abec317d99354 (diff)
Ensure we can decrypt the luks key before attempting to use it
This just fails earlier when the wrong GPG key is used. The correct solution is to avoid the failure by testing for GPG keys before offering disks to boot.
-rw-r--r--src/initrd/btrfs-create.sh10
1 files changed, 8 insertions, 2 deletions
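--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -224,12 +224,18 @@ open_samizdat_blockdev_from_loop()
 open_samizdat_blockdev()
 {
 	local dev="$1" keyfile="$2"
+	local cryptname=samizdatcrypt decrypted_keyfile=/luks.secret
 
-	local cryptname=samizdatcrypt
 	gpg2 --verify "$keyfile" || return
+
+	# TODO: we should be ensuring we can decrypt this secret key before even
+	# offering the option to boot the encrypted filesystem
+
 	# The first --decrypt merely strips the signature. The option is
 	# poorly named for that case.
-	gpg2 --decrypt "$keyfile" | gpg2 --decrypt | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+	gpg2 --decrypt "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile" || return
+
+	cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname" || return
 
 	[ -b /dev/mapper/"$cryptname" ] || return
 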
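Review bot: The new `cryptsetup --key-file "$decrypted_keyfile"` step (new-side line 238) leaves the plaintext LUKS key in `/luks.secret` after luksOpen, and on every `|| return` failure exit as well, whereas the old `--key-file -` pipeline never wrote the key to a file. The `> "$decrypted_keyfile"` redirection on new-side line 236 also creates that file under the shell's default umask, so it is presumably readable by every process in the initrd unless a restrictive umask is set elsewhere. Creating the file with `umask 077` and removing it on every exit path, while still propagating cryptsetup's status, keeps the fail-early behaviour the commit is after. The body of `open_samizdat_blockdev` continues past the end of the hunk.
```shell
	# … unchanged: gpg2 --verify, TODO and --decrypt comments …
	(umask 077; gpg2 --decrypt "$keyfile" | gpg2 --decrypt > "$decrypted_keyfile") \
		|| { rm -f -- "$decrypted_keyfile"; return 1; }

	cryptsetup --key-file "$decrypted_keyfile" luksOpen "$dev" "$cryptname"
	local rv=$?
	rm -f -- "$decrypted_keyfile"
	[ "$rv" -eq 0 ] || return "$rv"
	# … unchanged: /dev/mapper check and rest of function …
```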