diff --git a/man/common_options.adoc b/man/common_options.adoc
index 841929bd..f5d02b85 100644
--- a/man/common_options.adoc
+++ b/man/common_options.adoc
@@ -443,7 +443,7 @@ endif::[]
 ifdef::ACTION_TOKEN[]
 *--key-description *::
-Set key description in keyring for use with _token_ command.
+Set key description in keyring that will be used for passphrase retrieval.
 endif::[]
 ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_TCRYPTDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
@@ -666,6 +666,11 @@ Supplying more than the compiled in maximum aborts the operation.
 When --new-keyfile-offset is also given, reading starts after the offset.
 endif::[]
+ifdef::UNUSED[]
+*--new-key-description *::
+Set key description in keyring that will be used for new passphrase retrieval.
+endif::[]
+
 ifdef::ACTION_LUKSADDKEY[]
 *--new-key-slot <0-N>*::
 This option allows you to specify which key slot is selected for
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index fd580d73..a8b8d7e6 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -4036,6 +4036,11 @@ int main(int argc, const char **argv)
 _("Cannot link volume key to a keyring when keyring is disabled."),
 poptGetInvocationName(popt_context));
+ if (ARG_SET(OPT_DISABLE_KEYRING_ID) && (ARG_SET(OPT_KEY_DESCRIPTION_ID) || ARG_SET(OPT_NEW_KEY_DESCRIPTION_ID)))
+ usage(popt_context, EXIT_FAILURE,
+ _("Cannot use keyring key description when keyring is disabled."),
+ poptGetInvocationName(popt_context));
+
 if (ARG_SET(OPT_DEBUG_ID) || ARG_SET(OPT_DEBUG_JSON_ID)) {
 crypt_set_debug_level(ARG_SET(OPT_DEBUG_JSON_ID)? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL);
 dbg_version_and_cmd(argc, argv);
diff --git a/src/cryptsetup_arg_list.h b/src/cryptsetup_arg_list.h
index 74967487..1025c727 100644
--- a/src/cryptsetup_arg_list.h
+++ b/src/cryptsetup_arg_list.h
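Review bot: The conflict check added to main() in src/cryptsetup.c applies to every action, so `--key-description` together with `--disable-keyring` now ends in a usage error even for the `token` action, which is the only place the man page documents the option (`ifdef::ACTION_TOKEN[]`). If `token add` merely records the description in token metadata, that invocation was accepted before this commit and existing scripts would break. Consider scoping the check to actions that actually fetch a passphrase from the keyring, or state the incompatibility in the `--key-description` and `--disable-keyring` man entries. main() starts and continues outside the hunk, so any later per-action handling cannot be seen from here.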
@@ -97,7 +97,7 @@ ARG(OPT_JSON_FILE, '\0', POPT_ARG_STRING, N_("Read or write the json from or to
 ARG(OPT_KEEP_KEY, '\0', POPT_ARG_NONE, N_("Do not change volume key"), NULL, CRYPT_ARG_BOOL, {}, OPT_KEEP_KEY_ACTIONS)
-ARG(OPT_KEY_DESCRIPTION, '\0', POPT_ARG_STRING, N_("Key description"), NULL, CRYPT_ARG_STRING, {}, {})
+ARG(OPT_KEY_DESCRIPTION, '\0', POPT_ARG_STRING, N_("Keyring key description"), NULL, CRYPT_ARG_STRING, {}, OPT_KEY_DESCRIPTION_ACTIONS)
 ARG(OPT_KEY_FILE, 'd', POPT_ARG_STRING, N_("Read the key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
@@ -127,6 +127,8 @@ ARG(OPT_NEW_KEYFILE_OFFSET , '\0', POPT_ARG_STRING, N_("Number of bytes to skip
 ARG(OPT_NEW_KEYFILE_SIZE, '\0', POPT_ARG_STRING, N_("Limits the read from newly added keyfile"), N_("bytes"), CRYPT_ARG_UINT32, {}, {})
+ARG(OPT_NEW_KEY_DESCRIPTION, '\0', POPT_ARG_STRING, N_("Keyring new key description"), NULL, CRYPT_ARG_STRING, {}, OPT_NEW_KEY_DESCRIPTION_ACTIONS)
+
 ARG(OPT_NEW_KEY_SLOT, '\0', POPT_ARG_STRING, N_("Slot number for new key (default is first free)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_SLOT }, OPT_NEW_KEY_SLOT_ACTIONS)
 ARG(OPT_NEW_TOKEN_ID, '\0', POPT_ARG_STRING, N_("Token number (default: any)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_TOKEN }, OPT_NEW_TOKEN_ID_ACTIONS)
diff --git a/src/cryptsetup_args.h b/src/cryptsetup_args.h
index 5df9e1ef..a26b063e 100644
--- a/src/cryptsetup_args.h
+++ b/src/cryptsetup_args.h
@@ -81,6 +81,7 @@
 #define OPT_LUKS2_KEYSLOTS_SIZE_ACTIONS { REENCRYPT_ACTION, FORMAT_ACTION }
 #define OPT_LUKS2_METADATA_SIZE_ACTIONS { REENCRYPT_ACTION, FORMAT_ACTION }
 #define OPT_NEW_KEYFILE_ACTIONS { ADDKEY_ACTION }
+#define OPT_NEW_KEY_DESCRIPTION_ACTIONS { }
 #define OPT_NEW_KEY_SLOT_ACTIONS { ADDKEY_ACTION }
 #define OPT_NEW_TOKEN_ID_ACTIONS { ADDKEY_ACTION }
 #define OPT_OFFSET_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, FORMAT_ACTION }
diff --git a/src/utils_arg_names.h b/src/utils_arg_names.h
index 4ec5510b..f932faeb 100644
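Review bot: `OPT_NEW_KEY_DESCRIPTION_ACTIONS` is defined as an empty list in src/cryptsetup_args.h and used by the new `ARG(OPT_NEW_KEY_DESCRIPTION, ...)` entry in src/cryptsetup_arg_list.h. Broadly used options such as `OPT_KEY_FILE` also carry `{}`, so an empty list appears to mean "allowed for every action" rather than "allowed for none". No hunk in this commit reads the option and the man page hides it behind `ifdef::UNUSED[]`, so `--new-key-description` would presumably be accepted and silently ignored, leaving the caller to assume the new passphrase came from the keyring when it did not. Until a consumer exists, reject the option explicitly or keep it out of the table. Once it is wired up, list the actions, e.g. `#define OPT_NEW_KEY_DESCRIPTION_ACTIONS { ADDKEY_ACTION }` if luksAddKey is the intended user.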
--- a/src/utils_arg_names.h
+++ b/src/utils_arg_names.h
@@ -114,6 +114,7 @@
 #define OPT_VOLUME_KEY_FILE "volume-key-file"
 #define OPT_VOLUME_KEY_KEYRING "volume-key-keyring"
 #define OPT_NEW "new"
+#define OPT_NEW_KEY_DESCRIPTION "new-key-description"
 #define OPT_NEW_KEY_SLOT "new-key-slot"
 #define OPT_NEW_KEYFILE "new-keyfile"
 #define OPT_NEW_KEYFILE_OFFSET "new-keyfile-offset"