clevis icon indicating copy to clipboard operation
clevis copied to clipboard
verified publisher icon latchset

Possibly replace pwmake with jose jwk gen

Open cbiedl opened this issue 5 years ago • 1 comments

Hello,

the clevis-luks-bind program uses pwmake to create a new passphrase for the luks container. Now I am wondering what that program with its additional dependencies is needed. Wouldn't jose jwk gen do the same job? Since jose is already around, this would reduce the installation footprint.

If my jose-foo is already good enough, it would be something like, with bytes accordingly set:

jose jwk gen --input='{"kty":"oct","bytes":32}' --output=- | jose fmt --json=- --object --get k --unquote=-

Or did I miss a point?

cbiedl avatar May 23 '20 18:05 cbiedl

Similar idea from something I put together today for testing

# Generate 32 random bytes and url-safe b64 encode
dd if=/dev/urandom bs=32 count=1 2>/dev/null | jose b64 enc -I-

turtlemonvh avatar Jun 01 '20 17:06 turtlemonvh