What process ensures secure initial creation and rotation of key files prompts for correct passphrases while avoiding unauthorized file generation?
Secure Passphrase Handling:
- Input Secrecy: During both initial creation (`ensure_exists()`) and rotation (`rotate()`), the application uses `getpass.getpass()` to prompt for the LUKS passphrase. This standard Python function prevents the entered passphrase from being echoed to the terminal, protecting it from shoulder surfing.
- In-Memory Handling: The captured passphrase is passed directly to the `gpg` subprocess via its standard input stream. This is a secure practice that avoids writing the plaintext passphrase to temporary files or storing it in memory for an extended period.

Controlled File Generation:
- Creation Guard: The `ensure_exists()` method is designed to be non-destructive. It first checks if a key file already exists for the specified device and will only prompt for creation if one is not found, thus preventing accidental overwrites of existing keys.
- Authorization via GPG: The entire security model is anchored to the user's GPG identity. An unauthorized user, who does not have access to the configured recipient's private GPG key, cannot decrypt existing key files. While they could technically run the `rotate` command to overwrite a file, the resulting encrypted file would be useless to them, as they could not decrypt it later to mount the device. The core authentication happens at the GPG level when the `gpg` agent prompts for the private key's passphrase.
- Structured Flow: File creation and rotation are not arbitrary. They can only be triggered through specific user-initiated commands (`ensure_exists` and `rotate`), which follow a clear, controlled logic, minimizing the risk of unintended file generation.
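The creation guard and the stdin-fed `gpg` call described above, as an added illustration that is not the project's own code: `ensure_exists()` refuses to overwrite, the passphrase reaches `gpg` only through stdin, and `demo()` runs the flow offline with a constructed fake encryptor. It goes a step beyond the description by creating the file with `O_EXCL` and mode 0600 (so the existence check cannot race) and by making `rotate()` swap files atomically; the `gpg` command line, file names and recipient are assumptions.

```python
import getpass
import os
import subprocess
import tempfile
from pathlib import Path

def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    """Encrypt for `recipient`; the secret goes in on stdin, never on argv."""
    proc = subprocess.run(  # assumed gpg invocation, not the project's own
        ["gpg", "--batch", "--encrypt", "--recipient", recipient, "--output", "-"],
        input=plaintext, capture_output=True, check=True)
    return proc.stdout

def write_new_file(path: Path, data: bytes) -> None:
    # O_CREAT|O_EXCL makes "exists?" and "create" one atomic step (no TOCTOU
    # race); mode 0o600 keeps the ciphertext readable only by its owner.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def ensure_exists(path, recipient, prompt=getpass.getpass, encrypt=gpg_encrypt):
    """Create the key file only if absent; return True when one was created."""
    path = Path(path)
    if path.exists():
        return False                    # creation guard: never overwrite
    passphrase = prompt("LUKS passphrase for new key file: ")
    try:
        write_new_file(path, encrypt(passphrase.encode(), recipient))
    except FileExistsError:             # lost a race with another creator
        return False
    return True

def rotate(path, recipient, prompt=getpass.getpass, encrypt=gpg_encrypt):
    """Replace an existing key file atomically: write a temp file, then rename."""
    path = Path(path)
    tmp = path.with_name(path.name + ".tmp")
    tmp.unlink(missing_ok=True)
    write_new_file(tmp, encrypt(prompt("New LUKS passphrase: ").encode(), recipient))
    os.replace(tmp, path)

def demo() -> dict:
    # Offline run with a constructed fake encryptor and fake prompt (no gpg needed).
    fake_encrypt = lambda pt, rcpt: b"FAKE-ENC[" + rcpt.encode() + b"]" + pt
    seen = []
    fake_prompt = lambda msg: seen.append(msg) or "s3cret"
    with tempfile.TemporaryDirectory() as d:
        key = Path(d) / "sda1.key.gpg"
        first = ensure_exists(key, "alice@example.org", fake_prompt, fake_encrypt)
        second = ensure_exists(key, "alice@example.org", fake_prompt, fake_encrypt)
        mode = oct(key.stat().st_mode & 0o777)
        rotate(key, "alice@example.org", lambda m: "n3w", fake_encrypt)
        return dict(first=first, second=second, prompts=len(seen), mode=mode, final=key.read_bytes())
```

The second `ensure_exists()` call returns without prompting, which is the non-destructive behaviour the description relies on; `demo()` reports one prompt, mode `0o600`, and the rotated ciphertext.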