Re: LUKS encrypted partition using --key-file can only be decrypted with --key-file




On 03/04/2015 03:16 PM, Digimer wrote:

> Hi all,
>
>    I created a LUKS encrypted partition via a udev-triggered script on
> 6.6 using --key-file /tmp/foo. This worked fine, and I can decrypt the
> LUKS partition via script and manually using --key-file with luksOpen.
>
>    The odd problem is that I can't decrypt the partition using the
> prompt. If I manually create a file with the passphrase in it and then
> point to it with --key-file, it decrypts fine. I used 'cat -A
> /tmp/foo' to verify that there was no '\n' at the end of the phrase.
>
>    Is this expected behaviour? That is, if you create an encrypted
> partition using --key-file, you always decrypt with the same? If so, I
> can't understand the logic... If not, then I am not sure what I am
> doing wrong.

Try again including "--hash plain" on the command line.  When the
key is read from a keyfile, no hash is used and the key is simply
truncated to the correct length (too short is an error). A key read
from the terminal or from stdin is hashed, then truncated or padded
to the proper length.

See "NOTES ON PASSWORD PROCESSING" in the cryptsetup manpage.
Presumably, if you stored the hashed key phrase in the keyfile
(DAMHTDT) it would work from the terminal without "--hash -plain".

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
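
A simplified model of the rule stated in the reply above (keyfile: no hash, truncate only; terminal: hash, then truncate or pad), added here as an illustration; it is not cryptsetup's code and not part of the original thread. SHA-256, the 32-byte key size, zero-byte padding, the sample secret and the function names are assumptions of this example.

```python
import hashlib

KEY_BYTES = 32  # assumed key size for this model


def key_from_keyfile(data: bytes, size: int = KEY_BYTES) -> bytes:
    """Keyfile path as the reply describes it: no hash, truncate only."""
    if len(data) < size:
        # "too short is an error"
        raise ValueError(f"keyfile holds {len(data)} bytes, need {size}")
    return data[:size]


def key_from_terminal(passphrase: bytes, size: int = KEY_BYTES,
                      hash_name: str = "sha256") -> bytes:
    """Terminal/stdin path as the reply describes it: hash, then truncate or pad."""
    digest = hashlib.new(hash_name, passphrase).digest()
    # Zero padding is an assumption of this model, used when size > digest length.
    return digest[:size].ljust(size, b"\0")


def compare(secret: bytes, size: int = KEY_BYTES) -> dict:
    """Derive a key from the same secret through each path and compare."""
    typed = key_from_terminal(secret, size)
    try:
        raw_file = key_from_keyfile(secret, size)
    except ValueError:
        raw_file = None  # secret shorter than the key size
    # Keyfile that stores the hashed phrase instead of the phrase itself.
    hashed_file = key_from_keyfile(hashlib.sha256(secret).digest(), size)
    return {
        "same_secret_paths_match": raw_file == typed,
        "hashed_keyfile_matches_prompt": hashed_file == typed,
        "trailing_newline_changes_key": key_from_terminal(secret + b"\n", size) != typed,
    }


if __name__ == "__main__":
    # Constructed sample secret, long enough to fill a 32-byte key unhashed.
    sample = b"constructed sample passphrase, forty+ bytes"
    for name, value in compare(sample).items():
        print(f"{name}: {value}")
```

Under this model the same secret opens the volume only through the path that created the key, unless the keyfile stores the digest rather than the phrase.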



