OXIESEC PANEL
- Current Dir:
/
/
snap
/
core24
/
988
/
usr
/
lib
/
cryptsetup
/
scripts
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
05/04/2025 04:37:50 PM
rwxr-xr-x
📄
decrypt_derived
1.08 KB
06/05/2024 01:46:49 PM
rwxr-xr-x
📄
decrypt_gnupg
570 bytes
06/05/2024 01:46:49 PM
rwxr-xr-x
📄
decrypt_gnupg-sc
953 bytes
06/05/2024 01:46:49 PM
rwxr-xr-x
📄
decrypt_keyctl
1.99 KB
06/05/2024 01:46:49 PM
rwxr-xr-x
📄
decrypt_opensc
1.36 KB
06/05/2024 01:46:49 PM
rwxr-xr-x
📄
decrypt_ssl
347 bytes
06/05/2024 01:46:49 PM
rwxr-xr-x
📄
passdev
14.3 KB
11/14/2024 03:44:47 AM
rwxr-xr-x
Editing: decrypt_keyctl
Close
#!/bin/sh # decrypt_keyctl - to use in /etc/crypttab as keyscript # Allows to cache passwords for cryptdevices for 60s # The same password is used for for cryptdevices with the same identifier. # The keyfile parameter, which is the third field from /etc/crypttab, is # used as identifier in this keyscript. # # sample crypttab entries: # test1 /dev/sda1 test_pw luks,keyscript=decrypt_keyctl # test2 /dev/sda2 test_pw luks,keyscript=decrypt_keyctl # test3 /dev/sda3 test_other_pw luks,keyscript=decrypt_keyctl # # test1 and test2 have the same identifier thus test2 does not need a password # typed in manually die() { echo "$@" >&2 exit 1 } if [ -z "${CRYPTTAB_KEY:-}" ] || [ "$CRYPTTAB_KEY" = "none" ]; then # store the passphrase in the key name used by systemd-ask-password ID_="cryptsetup" else # the keyfile given from crypttab is used as identifier in the keyring # including the prefix "cryptsetup:" ID_="cryptsetup:$CRYPTTAB_KEY" fi TIMEOUT_='60' ASKPASS_='/lib/cryptsetup/askpass' PROMPT_="Caching passphrase for ${CRYPTTAB_NAME}: " if ! KID_="$(keyctl search @u user "$ID_" 2>/dev/null)" || \ [ -z "$KID_" ] || [ "$CRYPTTAB_TRIED" -gt 0 ]; then # key not found or wrong, ask the user KEY_="$($ASKPASS_ "$PROMPT_")" || die "Error executing $ASKPASS_" if [ -n "$KID_" ]; then # I have cached wrong password and now i may use either `keyctl update` # to update $KID_ or just unlink old key, and add new. With `update` i # may hit "Key has expired", though. So i'll go "unlink and add" way. keyctl unlink "$KID_" @u KID_="" fi KID_="$(printf "%s" "$KEY_" | keyctl padd user "$ID_" @u)" [ -n "$KID_" ] || die "Error adding passphrase to kernel keyring" if ! keyctl timeout "$KID_" "$TIMEOUT_"; then keyctl unlink "$KID_" @u die "Error setting timeout on key ($KID_), removing" fi else echo "Using cached passphrase for ${CRYPTTAB_NAME}." >&2 fi keyctl pipe "$KID_"