search

eternaltyro / cryptsetup

Since Google code is shuttering...
http://code.google.com/p/cryptsetup
GNU General Public License v2.0
0 stars 0 forks source link

Passphrase from Keyfile #201

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hey there,

when I build a Luks-Device with luksFormat <keyfile> like in step 1 below, I 
can always open it again with luksOpen --key-file <keyfile> like in step 2. If 
I try to boot the device (or exec luksOpen w/o --key-file) and enter the 
passphrase it will be rejected. There are no typos nor keymap problems I have 
checked that. Also no special characters in the file but the End-of-Line 
Character '$'.

Can be reproduced on any debian wheezy I tested it on. The Manpage sais it 
takes "the passphrase" from the file, not the file as the passphrase so I guess 
this should be working?

What steps will reproduce the problem?
1. /sbin/cryptsetup -q luksFormat /dev/sdb1 passphrase.txt
2. /sbin/cryptsetup luksOpen /dev/sdb1 test-crypt --key-file passphrase.txt
3. /sbin/cryptsetup luksOpen /dev/sdb1 test-crypt

What is the expected output? What do you see instead?

1. Works as expected
2. Works as expected
3. Passphrase rejected

What version of the product are you using? On what operating system?

Debian Wheezy

Please provide any additional information below.

I have also changed the lines 1 and 2 to 
luksFormat/luksOpen ... - < passphrase.txt to read from stdin, works but has 
the same effect as before.

Greetigs

Original issue reported on code.google.com by some.ind...@gmail.com on 18 Jan 2014 at 2:03

GoogleCodeExporter commented 9 years ago 
Just found the part about trailing newlines. Seems the vim didn't show that but 
might have been there. Investigating now. will put the result in here asap.

Original comment by some.ind...@gmail.com on 18 Jan 2014 at 2:25

GoogleCodeExporter commented 9 years ago 
Its actually working now with some tr -d "\n" , so sorry for the spam.

Just forget this happened :/

Original comment by some.ind...@gmail.com on 18 Jan 2014 at 2:53

GoogleCodeExporter commented 9 years ago 
Yes, handling "\n" in keyfile is tricky and unfortunately it is used in a lot 
of script, so we can change default easily. I hope man page explains it.

Original comment by gmazyl...@gmail.com on 18 Jan 2014 at 12:19