On Tue, Sep 14, 2010 at 11:17:27AM -0400, Josh Litherland wrote: > Hrm. That's not what I thought key-size was doing at all. I was imagining > that it controlled how much of a key-file was read in and used for any > operations that needed a passphrase. It certainly behaves in the way I > expected when used with luksOpen... if I try to open with 2000key and no > key-size param, it doesn't work. That is done differently. May I direct your attention to the item "How do I read a LUKS slot key from file?" in the FAQ? (Found e.g. here: http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions) Arno > The patch I sent makes luksAddKey work as I thought it was meant to, but > it's entirely possible I broke some other aspect of it that I'm not using at > the moment. > > Thank you for responding. =) > > On Tue, Sep 14, 2010 at 10:41 AM, Roscoe <eocsor@xxxxxxxxx> wrote: > > > On Tue, Sep 14, 2010 at 8:07 AM, Josh Litherland <josh@xxxxxxxxxxx> wrote: > > > Using cryptsetup 1.1.0~rc2 from Ubuntu Lucid apt package. As an > > experiment, > > > I have a 1000 byte key that I have in a file 1000key. I have another > > file > > > 2000key which is the key followed by 1000 pad bytes. This works: > > > > > > # cryptsetup --key-file 1000key luksOpen /dev/loop0 cryptofs > > > > > > This also works: > > > > > > # cryptsetup --key-file 2000key --key-size 8000 luksOpen /dev/loop0 > > cryptofs > > > > > > This works too: > > > > > > # cryptsetup --key-file 1000key luksAddKey /dev/loop0 > > > > > > But this bit doesn't work: > > > > > > # cryptsetup --key-file 2000key --key-size 8000 luksAddKey /dev/loop0 > > > No key available with this passphrase. > > > # > > > > > > That is to say, the --key-size argument doesn't seem to be working with > > > luksAddKey. > > > > > > Any suggestions ? > > > > --key-size should specify the size of the key used for > > encryption/decryption, which is going to almost always be 112-512 > > bits. > > > > As this key is stored in the key slots and has a length described in > > the header it doesn't make any sense to pass it to cryptsetup for any > > of the luks commands other than luksFormat. > > > > Doesn't help your problem at all, though. It seems like you want it to > > mean the amount of input to the PBKDF2 function. > > > > -- Roscoe > > > > > > -- > Josh Litherland (josh@xxxxxxxxxxx) > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
