* [dm-crypt] Unattended generation/opening.
@ 2020-08-09 2:05 Diagon
2020-08-09 7:46 ` Michael Kjörling
2020-08-09 7:51 ` Milan Broz
0 siblings, 2 replies; 3+ messages in thread
From: Diagon @ 2020-08-09 2:05 UTC (permalink / raw)
To: dm-crypt
Could someone let me know what I'm doing wrong here? I'm trying to do this in a script, but it doesn't work on the command line, either:
$ echo "lukssecpwd" | sudo cryptsetup -c twofish-xts-plain64 -s 512 luksFormat /dev/loop5 -
$ echo "lukssecpwd" | sudo cryptsetup open /dev/loop5 crypt.secret
No key available with this passphrase.
$ sudo cryptsetup luksDump /dev/loop5
LUKS header information for /dev/loop5
Version: 1
Cipher name: twofish
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 512
MK digest: ed e5 83 79 0a ba 5f 85 96 4b 37 c9 50 d6 4b 52 0a ad c3 ca
MK salt: b7 53 d7 74 e8 26 e0 0c 94 39 62 8d 52 cd f1 0f
e5 6b ae 04 e0 5a 3c 92 c7 1e fe c6 69 d5 3c 78
MK iterations: 60569
UUID: 95b47c48-9b76-4403-b5c8-6c54298cb0c5
Key Slot 0: ENABLED
Iterations: 969108
Salt: fb 4a a5 43 b3 e0 a8 5d 86 e9 c5 50 c0 42 7a b0
3a 56 31 ac 1b 98 46 cb 93 2f 9f 3c 68 e8 3a 32
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Ubuntu 18.04
cryptsetup 2.0.2
/D
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] Unattended generation/opening.
2020-08-09 2:05 [dm-crypt] Unattended generation/opening Diagon
@ 2020-08-09 7:46 ` Michael Kjörling
2020-08-09 7:51 ` Milan Broz
1 sibling, 0 replies; 3+ messages in thread
From: Michael Kjörling @ 2020-08-09 7:46 UTC (permalink / raw)
To: dm-crypt
On 8 Aug 2020 19:05 -0700, from saout.boxy@xoxy.net (Diagon):
> Could someone let me know what I'm doing wrong here? I'm trying to do this in a script, but it doesn't work on the command line, either:
>
> $ echo "lukssecpwd" | sudo cryptsetup -c twofish-xts-plain64 -s 512 luksFormat /dev/loop5 -
> $ echo "lukssecpwd" | sudo cryptsetup open /dev/loop5 crypt.secret
> No key available with this passphrase.
Norepro on up-to-date Debian Buster with cryptsetup 2.1.0 (package
version 2:2.1.0-5+deb10u2) with kernel 4.19.0-10-amd64 (package
version 4.19.132-1) reporting build date 2020-07-24.
# truncate -s 100M /root/lukstest
# losetup -f /root/lukstest
# losetup -l
NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE DIO LOG-SEC
/dev/loop0 0 0 0 0 /root/lukstest 0 512
# echo "lukssecpwd" | cryptsetup luksFormat /dev/loop0
# echo "lukssecpwd" | cryptsetup open /dev/loop0 lukstest.loop0
# ls -l /dev/mapper/lukstest.loop0
lrwxrwxrwx 1 root root 7 Aug 9 09:37 /dev/mapper/lukstest.loop0 -> ../dm-9
# cryptsetup close lukstest.loop0
# ls -l /dev/mapper/lukstest.loop0
ls: cannot access '/dev/mapper/lukstest.loop0': No such file or directory
#
Seems to work just fine all the way through.
Using echo to pipe the passphrase into luksFormat and then entering it
manually into the later cryptsetup open invocation also works fine for
me.
That said, maybe adding "--key-file -" and dropping the "-" from the
luksFormat command might help? If not, please try it again with
--debug and show us the output of that.
--
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] Unattended generation/opening.
2020-08-09 2:05 [dm-crypt] Unattended generation/opening Diagon
2020-08-09 7:46 ` Michael Kjörling
@ 2020-08-09 7:51 ` Milan Broz
1 sibling, 0 replies; 3+ messages in thread
From: Milan Broz @ 2020-08-09 7:51 UTC (permalink / raw)
To: Diagon, dm-crypt
On 09/08/2020 04:05, Diagon wrote:
> Could someone let me know what I'm doing wrong here? I'm trying to do this in a script, but it doesn't work on the command line, either:
>
> $ echo "lukssecpwd" | sudo cryptsetup -c twofish-xts-plain64 -s 512 luksFormat /dev/loop5 -
Remove that dash in the end of the line. It will switch to keyfile mode and EOL characted (\r) becomes part of the unlocking passphrase.
Alternatively you can do in format: echo -n "lukssecpwd" ..
> $ echo "lukssecpwd" | sudo cryptsetup open /dev/loop5 crypt.secret
You will have to use "--key-file -" to do the same trick.
Ream man page section NOTES ON PASSPHRASE PROCESSING FOR LUKS.
Milan
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-08-09 7:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-09 2:05 [dm-crypt] Unattended generation/opening Diagon
2020-08-09 7:46 ` Michael Kjörling
2020-08-09 7:51 ` Milan Broz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).