Okay, thanks for the replies, I eventually figured out the the first problem was due to me not actually understanding what "-h plain" does, I presumed it was to specify a hexadecimal key, but instead it converts whatever string is passed to a hexadecimal string, without any cryptographic hash, which does actually make more sense than what I thought it did. I should have been using dmsetup directly if I want to specify a hex key to use... > As far a the man page is concerned, reading key material from stdin is not a valid option, thus the behavior is unspecified. Where does it say that? It's the man page which told me how to do it; "From a key file: It will be cropped to the size given by -s. If there is insufficient key material in the key file, cryptsetup will quit with an error. If --key-file=- is used for reading the key from stdin, no trailing newline is stripped from the input. Without that option, cryptsetup strips trailing newlines from stdin input." Seeing as how "--keyfile=-" does seem kinda broken, I don't doubt you're right, however I can't find any mention of any problems... > Did you run cryptsetup and supply to little key data, when prompted for the key? Is the behavior then as expected? IF not, then file a bug report. You can't really supply raw key data at the prompt. It's when you specify the key data with --keyfile=/tmp/filename, it'll error out as expected if there's too little key data, but not when using "--keyfile=-" to read the data from stdin, however if that's not really a valid option then I suppose I should no expect it to work. --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
