Re: key-size argument not working with luksAddKey

If anyone's interested, the point of all this is that I ultimately want to use a USB thumb drive as my key-file; not from a file, but raw from the device itself.  I obviously can't constrain the size of the device, so I need to be able to only read the known length of the passphrase off it.  Strictly speaking this is only required for luksOpen (which is working as desired without my patch), but I discovered the surprising (to me) behavior of luksAddKey whilst setting it up.

On Tue, Sep 14, 2010 at 11:17 AM, Josh Litherland <josh@xxxxxxxxxxx> wrote:
Hrm.  That's not what I thought key-size was doing at all.  I was imagining that it controlled how much of a key-file was read in and used for any operations that needed a passphrase.  It certainly behaves in the way I expected when used with luksOpen... if I try to open with 2000key and no key-size param, it doesn't work.

The patch I sent makes luksAddKey work as I thought it was meant to, but it's entirely possible I broke some other aspect of it that I'm not using at the moment.

Thank you for responding.  =)


On Tue, Sep 14, 2010 at 10:41 AM, Roscoe <eocsor@xxxxxxxxx> wrote:
On Tue, Sep 14, 2010 at 8:07 AM, Josh Litherland <josh@xxxxxxxxxxx> wrote:
> Using cryptsetup 1.1.0~rc2 from Ubuntu Lucid apt package.  As an experiment,
> I have a 1000 byte key that I have in a file 1000key.  I have another file
> 2000key which is the key followed by 1000 pad bytes.  This works:
>
> # cryptsetup --key-file 1000key luksOpen /dev/loop0 cryptofs
>
> This also works:
>
> # cryptsetup --key-file 2000key --key-size 8000 luksOpen /dev/loop0 cryptofs
>
> This works too:
>
> # cryptsetup --key-file 1000key luksAddKey /dev/loop0
>
> But this bit doesn't work:
>
> # cryptsetup --key-file 2000key --key-size 8000 luksAddKey /dev/loop0
> No key available with this passphrase.
> #
>
> That is to say, the --key-size argument doesn't seem to be working with
> luksAddKey.
>
> Any suggestions ?

--key-size should specify the size of the key used for
encryption/decryption, which is going to almost always be 112-512
bits.

As this key is stored in the key slots and has a length described in
the header it doesn't make any sense to pass it to cryptsetup for any
of the luks commands other than luksFormat.

Doesn't help your problem at all, though. It seems like you want it to
mean the amount of input to the PBKDF2 function.

-- Roscoe



--
Josh Litherland (josh@xxxxxxxxxxx)
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
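
Added example, not part of the thread and not cryptsetup's code: a simplified Python model of the point raised above, that a key slot only opens when exactly the enrolled passphrase bytes reach PBKDF2, so a padded file or raw device must be read to a fixed length. The function names, salt, iteration count and file contents are constructed for illustration, and real LUKS also applies anti-forensic splitting and a master-key digest check that are left out here.

```python
import hashlib
import hmac
import os
import tempfile

def read_key_material(path, size_bits=None):
    # size_bits=None reads to EOF; otherwise exactly size_bits/8 bytes are read,
    # and a short read is an error rather than a silently shorter key.
    with open(path, "rb") as f:
        if size_bits is None:
            return f.read()
        want = size_bits // 8
        data = f.read(want)
    if len(data) != want:
        raise ValueError(f"short read: wanted {want} bytes, got {len(data)}")
    return data

def slot_key(material, salt, iterations=1000):
    # Simplified stand-in for the key-slot step: PBKDF2 over the passphrase bytes.
    return hashlib.pbkdf2_hmac("sha1", material, salt, iterations, dklen=32)

def unlocks(path, salt, enrolled, size_bits=None):
    candidate = slot_key(read_key_material(path, size_bits), salt)
    return hmac.compare_digest(candidate, enrolled)

def demo():
    with tempfile.TemporaryDirectory() as d:
        key, salt = os.urandom(1000), os.urandom(32)  # constructed sample data
        k1000, k2000 = os.path.join(d, "1000key"), os.path.join(d, "2000key")
        with open(k1000, "wb") as f:
            f.write(key)
        with open(k2000, "wb") as f:
            f.write(key + b"\0" * 1000)               # key followed by 1000 pad bytes
        enrolled = slot_key(key, salt)                # slot enrolled with the 1000-byte key
        try:
            read_key_material(k1000, 16000)           # ask for more than the file holds
            short_rejected = False
        except ValueError:
            short_rejected = True
        return {
            "1000key": unlocks(k1000, salt, enrolled),
            "2000key, whole file": unlocks(k2000, salt, enrolled),
            "2000key, first 8000 bits": unlocks(k2000, salt, enrolled, 8000),
            "short read rejected": short_rejected,
        }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```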