#define | BD_CRYPTO_ERROR |
enum | BDCryptoError |
#define | BD_CRYPTO_BACKUP_PASSPHRASE_CHARSET |
#define | BD_CRYPTO_BACKUP_PASSPHRASE_LENGTH |
#define | DEFAULT_LUKS_KEYSIZE_BITS |
#define | DEFAULT_LUKS_CIPHER |
A plugin for operations with encrypted devices. For now, only LUKS devices are supported.
Functions taking a parameter called "device" require the backing device to be passed. On the other hand, functions taking the "luks_device" parameter require the LUKS device ("/dev/mapper/SOMETHING").
Sizes are given in bytes unless stated otherwise.
gchar * bd_crypto_generate_backup_passphrase (GError **error);
Returns: A newly generated BD_CRYPTO_BACKUP_PASSPHRASE_LENGTH-long passphrase. See BD_CRYPTO_BACKUP_PASSPHRASE_CHARSET for the definition of the charset used for the passphrase. [transfer full]
gchar * bd_crypto_luks_uuid (gchar *device, GError **error);
Returns: UUID of the device or NULL if failed to determine (error is populated with the error in such cases). [transfer full]
gchar * bd_crypto_luks_status (gchar *luks_device, GError **error);
Returns: one of "invalid", "inactive", "active" or "busy", or NULL if failed to determine (error is populated with the error in such cases). [transfer none]
gboolean bd_crypto_luks_format (gchar *device, gchar *cipher, guint64 key_size, gchar *passphrase, gchar *key_file, guint64 min_entropy, GError **error);
Formats the given device as LUKS according to the other parameters given. If min_entropy is specified (greater than 0), the function waits for enough entropy to be available in the random data pool (WHICH MAY POTENTIALLY TAKE FOREVER).
Either passphrase or key_file has to be != NULL.
device | a device to format as LUKS |
cipher | cipher specification (type-mode, e.g. "aes-xts-plain64") or NULL | [allow-none]
key_size | size of the volume key in bits or 0 to use the default |
passphrase | a passphrase for the new LUKS device or NULL | [allow-none]
key_file | a key file for the new LUKS device or NULL | [allow-none]
min_entropy | minimum random data entropy (in bits) required to format |
error | place to store error (if any). | [out]
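Because a non-zero min_entropy can block indefinitely, a caller may prefer to check the kernel's entropy estimate under its own deadline before calling bd_crypto_luks_format. The following is an added example, not libblockdev code; the names wait_for_entropy and read_entropy_bits, the 50 ms polling step and the sample values are assumptions, and the estimate is read from the Linux file /proc/sys/kernel/random/entropy_avail.

```c
/* Added example, not libblockdev code: bounded wait for kernel entropy. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <time.h>

/* Assumption: the Linux entropy estimate (in bits) is read from this file. */
#define ENTROPY_AVAIL_PATH "/proc/sys/kernel/random/entropy_avail"

/* Read the current estimate in bits; -1 if the file is unreadable or malformed. */
static long read_entropy_bits(const char *path)
{
    FILE *f = fopen(path, "r");
    long bits = -1;

    if (f == NULL)
        return -1;
    if (fscanf(f, "%ld", &bits) != 1 || bits < 0)
        bits = -1;
    fclose(f);
    return bits;
}

/*
 * Poll until at least min_bits are reported or roughly timeout_ms has passed.
 * Returns 0 when satisfied, 1 on timeout, -1 if the estimate cannot be read.
 */
int wait_for_entropy(const char *path, long min_bits, long timeout_ms)
{
    const struct timespec step = { 0, 50L * 1000L * 1000L };  /* 50 ms */
    long waited_ms = 0;

    for (;;) {
        long bits = read_entropy_bits(path);
        if (bits < 0)
            return -1;          /* fail closed: do not guess */
        if (bits >= min_bits)
            return 0;
        if (waited_ms >= timeout_ms)
            return 1;           /* caller decides: abort or retry later */
        nanosleep(&step, NULL);
        waited_ms += 50;        /* approximate; ignores time spent reading */
    }
}

int main(void)
{
    /* Constructed sample values: require 256 bits, give up after 5 s. */
    int rc = wait_for_entropy(ENTROPY_AVAIL_PATH, 256, 5000);
    printf("entropy check: %s\n",
           rc == 0 ? "ok" : rc == 1 ? "timed out" : "unreadable");
    return rc;
}
```

A result of 0 only reflects the estimate at the moment of the check; treat 1 and -1 as reasons not to start formatting with a non-zero min_entropy.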
gboolean bd_crypto_luks_open (gchar *device, gchar *name, gchar *passphrase, gchar *key_file, GError **error);
Returns: whether the device was successfully opened or not
One of passphrase, key_file has to be != NULL.
gboolean bd_crypto_luks_add_key (gchar *device, gchar *pass, gchar *key_file, gchar *npass, gchar *nkey_file, GError **error);
Returns: whether the npass or nkey_file was successfully added to device or not
One of pass, key_file has to be != NULL and the same applies to npass, nkey_file.
gboolean bd_crypto_luks_remove_key (gchar *device, gchar *pass, gchar *key_file, GError **error);
gboolean bd_crypto_luks_change_key (gchar *device, gchar *pass, gchar *npass, GError **error);
gboolean bd_crypto_luks_resize (gchar *device, guint64 size, GError **error);
gboolean bd_crypto_escrow_device (gchar *device, gchar *passphrase, gchar *cert_data, gchar *directory, gchar *backup_passphrase, GError **error);
device | path of the device to create escrow data for |
passphrase | passphrase used for the device |
cert_data | certificate data to use for escrow |
directory | directory to put escrow data into |
backup_passphrase | backup passphrase for the device or NULL | [allow-none]
error | place to store error (if any). | [out]