Roscoe wrote:
The second issue I've come across is, when supplying binary (rather than
hex) key material, using "--key-file=-" to read the data from stdin, it
doesn't error out if not enough data can be read, unlike when supplying an
actual file to --key-file.
For example, if you have a file (say "/tmp/foo") with 128 bits of random
data, and run `cryptsetup -c aes-xts-benbi -s 256 --key-file=/tmp/foo
create loop /dev/loop0`, it errors out with "Command failed: Key
processing error: Could not read 32 bytes from key file", however if you
run `cat /tmp/foo | cryptsetup -c aes-xts-benbi -s 256 --key-file=- create
loop /dev/loop0`, it works when it shouldn't.
Also, even when you do supply a key file of the required size, you get
different results with `cat /tmp/foo | cryptsetup --key-file=-` than you
do with `cryptsetup --key-file=/tmp/foo`...
I'm not familiar with keyfiles, but I'd be looking at the source code
to see how they are treated differently.
(perhaps at http://www.google.com/codesearch/p?hl=en&sa=N&cd=1&ct=rc#XUHSqiyZS4s/trunk/lib/utils.c&q=key-file%20package:http://cryptsetup\.googlecode\.com&l=344)
-- Roscoe
As far as the man page is concerned, reading key material from stdin is
not a valid option, thus the behavior is unspecified.
To the original poster:
Did you run cryptsetup and supply too little key data, when prompted for
the key? Is the behavior then as expected? If not, then file a bug report.
Regards
-Sven
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
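
The length check the first message expects from `--key-file=-`, as an added example that is not part of the thread or of cryptsetup: a hypothetical bash wrapper, `with_checked_key`, that buffers stdin and refuses to run the command when fewer than the required bytes arrive. The 32-byte figure corresponds to `-s 256` in the thread; the temporary-file location is an assumption.

```bash
#!/bin/bash
# Added example, not from the thread or from cryptsetup.
# with_checked_key BYTES command [args...]
#   Reads key material from stdin, verifies that at least BYTES bytes arrived,
#   then runs the command with exactly BYTES bytes on its stdin.
#   Returns 1 without running the command when the key is too short.
with_checked_key() {
    local want=$1 tmp got rc=0
    shift
    # Assumption: TMPDIR points at storage acceptable for key material
    # (e.g. a tmpfs); mktemp creates the file with mode 0600.
    tmp=$(mktemp "${TMPDIR:-/tmp}/key.XXXXXX") || return 2
    head -c "$want" > "$tmp"
    got=$(( $(wc -c < "$tmp") ))
    if [ "$got" -ne "$want" ]; then
        echo "key too short: read $got bytes, need $want" >&2
        rm -f "$tmp"
        return 1
    fi
    "$@" < "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage with the command line from the thread (256-bit key = 32 bytes):
#   cat /tmp/foo | with_checked_key 32 \
#       cryptsetup -c aes-xts-benbi -s 256 --key-file=- create loop /dev/loop0
```

Input beyond the requested length is silently dropped by `head -c`; this wrapper only addresses the short-read case, not the differing results between stdin and file input that the thread also mentions.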