Re: Re: A12-140 Piping two gpg'ed keys to cryptsetup luksAddKey

On Thu, Aug 07, 2008 at 12:10:03PM +0200, Till Maas wrote:
> Mick Reed wrote:
> 
> > Create the container
> > # gpg --decrypt --quiet 2>>/dev/null first_key.gpg | cryptsetup \
> >     luksFormat /dev/partition
> 
> > If we can't find a way to do this, I will be happy to help with a patch.
> > I am not a good enough coder to solve this on my own, yet.  I do think
> > there is a need for this, please offer any suggestions.  Thanks!
> 
> This works for me with bash:
> 
> # cryptsetup  luksFormat /dev/loop0 <(cat key1)
> # cryptsetup  --key-file <(cat key1) luksAddKey /dev/loop0 <(cat key2)
> # cryptsetup --key-file <(cat key2) luksOpen /dev/loop0 foo
> 
> Btw. piping keyfiles to cryptsetup without using --key-file may be a bad
> idea. Iirc at least older versions of cryptsetup did not use the full
> keyfile for encryption, e.g. when it contained newline characters.
> 

Yep, I noticed this with RHEL 5.1 / CentOS 5.1 .. cryptsetup only used the
first line from the file. 

Dunno if it is fixed in EL 5.2 or in upstream cryptsetup.. 

-- Pasi
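
Added example, not part of the original messages and not cryptsetup's own code: a pre-flight check for the truncation discussed in this thread. It assumes the behaviour reported above (a key piped without --key-file is used only up to the first newline, while --key-file uses the whole file); the function names are hypothetical.

```shell
#!/bin/sh
# Pre-flight check for key files before they are handed to cryptsetup.
# Assumed model (from the behaviour reported in this thread): input piped
# without --key-file is used only up to the first newline, while --key-file
# uses every byte of the file.

# Total size of the key file in bytes.
keyfile_total_bytes() {
    wc -c < "$1" | tr -d '[:space:]'
}

# Bytes before the first newline (the whole file if it has none).
keyfile_first_line_bytes() {
    head -n 1 "$1" | tr -d '\n' | wc -c | tr -d '[:space:]'
}

# Prints "<verdict> <first-line bytes>/<total bytes>"; returns 0 only when
# both ways of passing the key would see the same bytes.
check_keyfile() {
    [ -r "$1" ] || { echo "unreadable 0/0"; return 2; }
    total=$(keyfile_total_bytes "$1")
    first=$(keyfile_first_line_bytes "$1")
    if [ "$total" -eq 0 ]; then
        echo "empty 0/0"; return 2
    elif [ "$first" -eq "$total" ]; then
        echo "ok $first/$total"; return 0
    elif [ $((first + 1)) -eq "$total" ]; then
        # Only difference is one trailing newline: the two modes disagree
        # on the passphrase even though little key material is lost.
        echo "trailing-newline $first/$total"; return 1
    else
        # Everything after the first newline would be ignored when piped.
        echo "truncated $first/$total"; return 1
    fi
}

# Usage: sh check_keyfile.sh key1 key2 ...
for f in "$@"; do
    printf '%s: ' "$f"
    check_keyfile "$f" || true
done
```

Any verdict other than "ok" means the key should be passed with --key-file, as in the bash commands quoted above, rather than piped.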

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/