stenc 2.0.0 no longer supports -kd #13

Open
maciozo opened this issue Jun 24, 2024 · 0 comments

maciozo commented Jun 24, 2024

When ./scripts/encrypt calls stenc, the -kd flag is not recognised:

time="2024-06-24T20:19:43+01:00" level=info msg="+ ./stenc -f /dev/tape/by-id/scsi-HUJ414057K -e on -k /tmp/2888885715.key -kd AAA000 -a 1 --ckod"
time="2024-06-24T20:19:43+01:00" level=info msg="Usage: stenc [OPTION...]"
time="2024-06-24T20:19:43+01:00" level=info
time="2024-06-24T20:19:43+01:00" level=info msg="Mandatory arguments to long options are mandatory for short options too."
time="2024-06-24T20:19:43+01:00" level=info msg="  -f, --file=DEVICE        use DEVICE as the tape drive to operate on"
time="2024-06-24T20:19:43+01:00" level=info msg="  -e, --encrypt=ENC-MODE   set encryption mode to ENC-MODE"
time="2024-06-24T20:19:43+01:00" level=info msg="  -d, --decrypt=DEC-MODE   set decryption mode to DEC-MODE"
time="2024-06-24T20:19:43+01:00" level=info msg="  -k, --key-file=FILE      read encryption key and key descriptor from FILE,"
time="2024-06-24T20:19:43+01:00" level=info msg="                           or standard input when FILE is -"
time="2024-06-24T20:19:43+01:00" level=info msg="  -a, --algorithm=INDEX    use encryption algorithm INDEX"
time="2024-06-24T20:19:43+01:00" level=info msg="      --allow-raw-read     mark written blocks to allow raw reads of"
time="2024-06-24T20:19:43+01:00" level=info msg="                           encrypted data"
time="2024-06-24T20:19:43+01:00" level=info msg="      --no-allow-raw-read  mark written blocks to disallow raw reads of"
time="2024-06-24T20:19:43+01:00" level=info msg="                           encrypted data"
time="2024-06-24T20:19:43+01:00" level=info msg="      --ckod               clear key on demount of tape media"
time="2024-06-24T20:19:43+01:00" level=info msg="  -h, --help               print this usage statement and exit"
time="2024-06-24T20:19:43+01:00" level=info msg="      --version            print version information and exit"

It now expects the key descriptor to appear on a new line in the key file:

KEY INPUT SYNTAX
       stenc requires that all keys are entered as text hexadecimal strings,
       with no delimiters in between bytes.  Do not precede your key input
       with 0x.  When using a key file, the second line in the file can
       contain an optional key descriptor that will be displayed with the
       device status (see KEY DESCRIPTORS).

       Keys can be generated using any cryptographically secure entropy
       source, such as the random(4) device or the openssl(1SSL) suite of
       commands.  A 256-bit key file can be created with the following
       command:

              openssl rand -hex 32

       Example 128 bit key:

              000102030405060708090a0b0c0d0e0f

       Example 256 bit key:

              000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f

       Example 256 key file with key descriptor:

              000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f
              April backup key

This can probably be worked around by either appending the descriptor in newKey(), or in ./scripts/encrypt.
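
The key file layout from the man page excerpt above, as an added example that is not part of the original issue or the project's own code: a POSIX shell helper that writes the hex key on line one and the descriptor on line two of an owner-only temporary file, so the descriptor no longer needs `-kd`. The function name `write_stenc_keyfile` and the `stenc-key.XXXXXX` template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a stenc 2.x key file (line 1: hex key, line 2: descriptor).
# write_stenc_keyfile is a hypothetical helper, not part of the project.
# Usage: write_stenc_keyfile KEY_HEX [DESCRIPTOR]  -> prints the key file path
write_stenc_keyfile() {
    key_hex=$1
    descriptor=$2
    nl='
'
    # Key must be bare hexadecimal: no 0x prefix, no delimiters, not empty.
    case $key_hex in
        ''|*[!0-9A-Fa-f]*)
            echo "key must be an undelimited hexadecimal string" >&2
            return 1 ;;
    esac
    # Two hex digits per byte, so an odd length cannot be a whole key.
    if [ $(( ${#key_hex} % 2 )) -ne 0 ]; then
        echo "key must contain an even number of hex digits" >&2
        return 1
    fi
    # The descriptor occupies exactly one line of the file.
    case $descriptor in
        *"$nl"*)
            echo "descriptor must be a single line" >&2
            return 1 ;;
    esac

    # Create the file owner-only before any key material is written to it.
    keyfile=$(umask 077 && mktemp "${TMPDIR:-/tmp}/stenc-key.XXXXXX") || return 1
    if [ -n "$descriptor" ]; then
        printf '%s\n%s\n' "$key_hex" "$descriptor" > "$keyfile"
    else
        printf '%s\n' "$key_hex" > "$keyfile"
    fi
    printf '%s\n' "$keyfile"
}

# Invocation with the flags from the log above, minus -kd
# ($DEVICE stands for the tape device path):
#   keyfile=$(write_stenc_keyfile "$(openssl rand -hex 32)" "AAA000") || exit 1
#   stenc -f "$DEVICE" -e on -k "$keyfile" -a 1 --ckod
#   rm -f "$keyfile"
```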
