From: Clemens Fruhwirth
Date: Fri, 14 May 2021 17:22:39 +0200
To: Milan Broz
CC: Volker Dormeyer, dm-crypt@saout.de
Subject: [dm-crypt] Re: Reading the passphrase from a key-file

On Fri, 14 May 2021 at 15:44, Milan Broz wrote:
>
> On 14/05/2021 13:51, Volker Dormeyer wrote:
> > Hello,
> >
> > today I have another question regarding the key-file option. I am
> > scripting something where the passphrase is given by STDIN, with the
> > following options:
> >
> > cryptsetup luksOpen /dev/sde hdd --header header.img --key-file -
> >
> > If I enter this line on a command line it prompts me with "Enter
> > passphrase for /dev/sde", I was suspecting nothing. How can I make sure
> > that the passphrase is being read from STDIN?
>
> Cryptsetup checks if there is input from a real terminal (then displays this message)
> or from a pipe. echo pwd | cryptsetup ... works.
>
> But if the input is a binary file, it will stop on the first EOL (then you must use --keyfile-size).
> Please read "NOTES ON PASSPHRASE PROCESSING FOR LUKS" in the man page.

Milan, could you help my memory here:

> From key file: The complete keyfile is read up to the compiled-in maximum size. Newline characters do not terminate the input. The --keyfile-size
> option can be used to limit what is read.

Did I choose this "up to the compiled-in maximum size" either explicitly or implicitly back in the days? Checking get_key inside lib/utils.c in the ancient release 1.0.6 from some time in 2007 looks as if there was no such limit.

Introducing a compile-time limit has the unfortunate property that two cryptsetup binaries compiled with different settings won't be able to produce compatible key slots when pointed to key files that exceed this compiled-in limit.

Cheers,
-- 
Fruhwirth Clemens http://clemens.endorphin.org
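
An added illustration, not part of the original message and not cryptsetup's code: a simplified Python model of the reading rules quoted in this thread, showing why the same key material can yield different passphrases by input path or by build, and why pinning `--keyfile-size` removes the difference. The function names, the tiny limits and the sample bytes are constructed, and the model assumes an over-long key file is cut at the build's limit, which the thread does not confirm.

```python
import hashlib

def read_passphrase(data, source, keyfile_size=None, compiled_max=64):
    """Bytes a (modelled) build with limit `compiled_max` uses as passphrase.

    source "pipe": stdin fed from a pipe; "file": --key-file <path>.
    keyfile_size models --keyfile-size. Hypothetical helper, not a real API.
    """
    if source not in ("pipe", "file"):
        raise ValueError("source must be 'pipe' or 'file'")
    if keyfile_size is not None:
        # Explicit size: exactly this many bytes, newlines are ordinary bytes.
        return data[:keyfile_size]
    if source == "pipe":
        # Per the thread: piped input stops on the first EOL.
        data = data.split(b"\n", 1)[0]
    # Assumption: input beyond the compiled-in maximum is not used.
    return data[:compiled_max]

def slot_id(passphrase):
    # Stand-in for "which key slot these bytes unlock": a digest of the bytes.
    return hashlib.sha256(passphrase).hexdigest()[:16]

# Constructed binary key material: 96 bytes, newline (0x0a) at index 9.
KEY = bytes(range(1, 97))

def demo():
    piped = read_passphrase(KEY, "pipe")
    from_file = read_passphrase(KEY, "file")
    small_build = read_passphrase(KEY, "file", compiled_max=64)
    large_build = read_passphrase(KEY, "file", compiled_max=128)
    return {
        # Same bytes, different input path: the pipe stops at the newline.
        "pipe_vs_file_differ": slot_id(piped) != slot_id(from_file),
        # Pinning the size makes both input paths agree.
        "pinned_paths_agree": read_passphrase(KEY, "pipe", keyfile_size=32)
        == read_passphrase(KEY, "file", keyfile_size=32),
        # Two builds with different limits disagree on an oversized key file.
        "builds_differ": slot_id(small_build) != slot_id(large_build),
        # With an explicit size below both limits the builds agree again.
        "pinned_builds_agree": read_passphrase(KEY, "file", 32, 64)
        == read_passphrase(KEY, "file", 32, 128),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```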