def escrow(self, directory, backupPassphrase):
    """Write key-escrow packets for this device into *directory*.

    The default volume secret is read using the passphrase already held by
    this object, wrapped into a packet with ``self.escrow_cert`` and saved as
    ``<directory>/<ident>-escrow``.  When ``self.add_backup_passphrase`` is
    set, *backupPassphrase* is handed to ``add_secret`` and a second packet is
    saved as ``<directory>/<ident>-escrow-backup-passphrase``.

    Only the device is logged; the passphrase and the packet contents are
    never passed to the logger.

    Raises:
        LUKSError: the volume_key bindings are unavailable
            (``volume_key is None``).
    """
    log.debug("escrow: escrowVolume start for %s", self.device)
    if volume_key is None:
        raise LUKSError("Missing key escrow support libraries")

    def _reject_generic_prompt(unused_prompt, unused_echo):
        # This prompt is not expected to be used; answering None makes it fail.
        return None

    def _answer_with_known_passphrase(unused_prompt, failed_attempts):
        # Offer the stored passphrase exactly once.  After a failed attempt
        # return None so a wrong passphrase ends the operation instead of
        # being retried.
        return self.__passphrase if failed_attempts == 0 else None

    def _store_packet(path, packet):
        # NOTE(review): open() creates the file with umask-default permissions
        # and will write through a pre-existing path; confirm that *directory*
        # is writable only by the installer.
        with open(path, "wb") as out:
            out.write(packet)

    volume = volume_key.Volume.open(self.device)
    # NOTE(review): the identifier is interpolated into a file name below;
    # presumably _escrowVolumeIdent returns a filename-safe value -- verify.
    ident = self._escrowVolumeIdent(volume)

    prompts = volume_key.UI()
    prompts.generic_cb = _reject_generic_prompt
    prompts.passphrase_cb = _answer_with_known_passphrase

    log.debug("escrow: getting secret")
    volume.get_secret(volume_key.SECRET_DEFAULT, prompts)

    log.debug("escrow: creating packet")
    # Presumably the packet can only be opened with the private key matching
    # self.escrow_cert -- confirm against the volume_key documentation.
    primary_packet = volume.create_packet_assymetric_from_cert_data(
        volume_key.SECRET_DEFAULT, self.escrow_cert, prompts)
    log.debug("escrow: packet created")
    _store_packet("%s/%s-escrow" % (directory, ident), primary_packet)
    log.debug("escrow: packet written")

    if self.add_backup_passphrase:
        log.debug("escrow: adding backup passphrase")
        # The backup passphrase is added before its packet exists: a failure
        # in the next step leaves it added without an escrow copy.
        volume.add_secret(volume_key.SECRET_PASSPHRASE, backupPassphrase)
        log.debug("escrow: creating backup packet")
        backup_packet = volume.create_packet_assymetric_from_cert_data(
            volume_key.SECRET_PASSPHRASE, self.escrow_cert, prompts)
        log.debug("escrow: backup packet created")
        _store_packet(
            "%s/%s-escrow-backup-passphrase" % (directory, ident),
            backup_packet)
        log.debug("escrow: backup packet written")

    log.debug("escrow: escrowVolume done for %s", repr(self.device))
def __init__(self, *args, **kwargs):
    """Initialise the Plugin base, then build this instance's volume_key UI.

    Both UI prompts (generic and passphrase) are routed to this object's own
    ``_vk_ui_generic_cb`` and ``_vk_ui_passphrase_cb`` handlers, so every
    secret the library asks for goes through code owned by this class.
    """
    Plugin.__init__(self, *args, **kwargs)
    # Attach the UI to the instance first, then wire the callbacks through a
    # local alias of the same object.
    self._ui = prompt_ui = volume_key.UI()
    prompt_ui.generic_cb = self._vk_ui_generic_cb
    prompt_ui.passphrase_cb = self._vk_ui_passphrase_cb
def create_ui():
    """Return a new volume_key.UI wired to the prompt callbacks.

    Generic prompts are answered by ``generic_ui_cb`` and passphrase prompts
    by ``passphrase_ui_cb``; each call builds an independent UI object.
    """
    prompt_ui = volume_key.UI()
    # Handler for free-form prompts issued by the library.
    prompt_ui.generic_cb = generic_ui_cb
    # Handler for passphrase requests; how failed attempts are treated is
    # decided in passphrase_ui_cb.
    prompt_ui.passphrase_cb = passphrase_ui_cb
    return prompt_ui