On Mon, Apr 09, 2007 at 09:45:42PM +0200, Marc Haber wrote:
--key-file=- does not take a key from standard input:
[EMAIL PROTECTED] /mnt/hda1 # ./keyscript | cryptsetup -d - luksOpen /dev/hda5
hda5_crypt
Command failed.
[EMAIL PROTECTED] /mnt/hda1 # ./keyscript | cryptsetup --key-file=- luksOpen
/dev/hda5 hda5_crypt
Command failed.
[EMAIL PROTECTED] /mnt/hda1 # ./keyscript | cryptsetup --key-file - luksOpen
/dev/hda5 hda5_crypt
Command failed.
[EMAIL PROTECTED] /mnt/hda1 # ./keyscript | cryptsetup luksOpen /dev/hda5
hda5_crypt
key slot 0 unlocked.
Command successful.
[EMAIL PROTECTED] /mnt/hda1 #
I'm guessing keyscript generates output which includes a newline which
is not really part of the key?
austin:~# dd if=/dev/zero of=/test.img bs=1k count=1k
1024+0 records in
1024+0 records out
1048576 bytes (1.0 MB) copied, 0.00791454 seconds, 132 MB/s
austin:~# losetup -f /test.img
austin:~# cryptsetup luksFormat /dev/loop0
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: test
Verify passphrase: test
Command successful.
austin:~# echo -n "test" | cryptsetup --key-file=- luksOpen /dev/loop0 test
key slot 0 unlocked.
Command successful.
austin:~# cryptsetup remove test
austin:~# echo "test" | cryptsetup luksOpen /dev/loop0 test
key slot 0 unlocked.
Command successful.
austin:~# cryptsetup remove test
austin:~# echo "test" | cryptsetup --key-file=- luksOpen /dev/loop0 test
Command failed.
--
David Härdeman