Problem with piped passphrases containing newline character

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello!

I am using some code like the following in order to initialize and open
LUKS containers:

$ gpg -d < secret.asc | sudo \
    cryptsetup luksFormat /dev/$DEVICE -

$ gpg -d < secret.asc | sudo \
    cryptsetup --key-file=- luksOpen /dev/$DEVICE blah


secret.asc is a file encrypted with GnuPG, which contains unknown
(possibly random) data. It usually includes at least one newline character.

The above commands have been carefully crafted after reading the man
page over and over (especially the parts about reading passphrases from
standard input or a pipe, and about newline handling), and after
studying the relevant parts of the code. I believe that this was the
proper way to use passphrases which are binary blobs with cryptsetup
versions around 1.0.6.

It used to work properly with cryptsetup-1.0.6. However, I am now
experiencing an error with cryptsetup-1.1.1 if the passphrase is
containing a newline character. I am using a simplified testcase to show
the problem. The following commands are written for bash. I assume that
there is a block device named /dev/loop0 which has enough space to hold
a LUKS container.

$ export LC_ALL=POSIX
$ echo -n $'foo\nbar' | sudo \
    cryptsetup luksFormat /dev/loop0 -
$ echo -n $'foo\nbar' | sudo \
    cryptsetup --key-file=- luksOpen /dev/loop0 testing
No key available with this passphrase.


At first it seemed to be related to issue 52[1], but trying out the svn
revisions around 208 did not confirm that assumption.

I svn-bisect[2]-ed the problem, and found out that the change in
behavior was probably introduced somewhere between r109 and r124
(inclusively, each). I have not digged even more deeply into it, because
I currently do not understand the tricky details.

This is probably a bug in the code, or the documentation is misleading.
Or am I using cryptsetup improperly and am I misunderstanding its manpage?


[1] https://code.google.com/p/cryptsetup/issues/detail?id=52
[2] http://search.cpan.org/perldoc?svn-bisect


Thanks
-- 
Nico

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux