#!/bin/sh
# WARNING: If you use the decrypt_derived keyscript for devices with
# persistent data (i.e. not swap or temp devices), then you will lose
# access to that data permanently if something damages the LUKS header
# of the LUKS device you derive from. The same applies if you luksFormat
# the device, even if you use the same passphrase(s). A LUKS header
# backup, or better a backup of the data on the derived device may be
# a good idea. See the Cryptsetup FAQ on how to do this right.
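# countlines TEXT
#
# Print the number of non-empty lines in TEXT on stdout.
# Empty lines (including a trailing newline) are not counted; an empty
# TEXT yields 0.
#
# The text is read line by line instead of being word-split in a `for`
# loop: an unquoted expansion is also subject to pathname expansion, so a
# line that happens to look like a glob pattern could be replaced by the
# matching file names and distort the count.
countlines() {
	local input count line
	input="$1"
	count=0
	while IFS= read -r line; do
		if [ -n "$line" ]; then
			count=$((count + 1))
		fi
	done <<EOF
$input
EOF
	echo "$count"
}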
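# Main: print the volume key of the dm-crypt mapping named by $1 on stdout
# (no trailing newline) so that it can be used as the key of a derived
# device. Exits 1 with a message on stderr if the mapping cannot be found,
# is not a single-segment crypt target, or does not expose key material.

# The positional parameters are overwritten further down, so keep the
# device-mapper name in its own variable for the lookup and the messages.
name="$1"

if [ -z "$name" ]; then
	echo "$0: must be executed with a crypto device as argument" >&2
	exit 1
fi

# Query this one mapping instead of dumping every table and filtering with
# grep: the name is then matched literally rather than as a regular
# expression, and the keys of unrelated mappings never enter the pipeline.
# With a single device argument dmsetup prints the table line without the
# leading "name:" field.
if ! device=$(dmsetup table --showkeys -- "$name" 2>/dev/null); then
	echo "$0: failed to find $name in dmtable" >&2
	exit 1
fi

if [ -z "$device" ]; then
	echo "$0: device $name doesn't exist" >&2
	exit 1
fi

# One table line per segment; with several segments there is no single
# key to derive from.
count=$(countlines "$device")
if [ "$count" -ne 1 ]; then
	echo "$0: device $name has more than one table segment" >&2
	exit 1
fi

# Split the table line into fields without eval, so nothing in the dmsetup
# output is ever interpreted as shell code. Globbing is switched off around
# the intentionally unquoted expansion.
# Fields: <start> <length> <target type> <cipher> <key> ...
set -f
set -- $device
set +f
type="$3"
key="$5"

if [ "$type" != "crypt" ]; then
	echo "$0: device $name is not a crypto device" >&2
	exit 1
fi

# When the volume key is held in the kernel keyring, the key field is a
# reference of the form ":<size>:<type>:<description>" instead of key
# material. That string is not secret, so refuse to derive a key from it.
case "$key" in
:*)
	echo "$0: device $name uses the kernel keyring" >&2
	exit 1
	;;
esac

# printf instead of the non-portable `echo -n`; the output is unchanged.
printf '%s' "$key"
exit 0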