On Fri, 14 May 2021 at 15:44, Milan Broz <gmazyland@xxxxxxxxx> wrote:
>
> On 14/05/2021 13:51, Volker Dormeyer wrote:
> > Hello,
> >
> > today I have another question regarding the key-file option. I am
> > scripting something where the passphrase is given by STDIN, with the
> > following options:
> >
> > cryptsetup luksOpen /dev/sde hdd --header header.img --key-file -
> >
> > If I enter this line on a command line it prompts me with "Enter
> > passphrase for /dev/sde", I was suspecting nothing. How can I make sure
> > that the passphrase is being read from STDIN?
>
> Cryptsetup checks if there is input from a real terminal (then displays this message)
> or from a pipe. echo pwd | cryptsetup ... works.
>
> But if the input is a binary file, it will stop on the first EOL (then you must use --keyfile-size).
> Please read "NOTES ON PASSPHRASE PROCESSING FOR LUKS" in the man page.

Milan, could you help my memory here:

> From key file: The complete keyfile is read up to the compiled-in maximum size. Newline characters do not terminate the input. The --keyfile-size
> option can be used to limit what is read.

Did I choose this "up to the compiled-in maximum size" either explicitly or implicitly back in the days? Checking get_key inside lib/utils.c in the ancient release 1.0.6 from some time in 2007 looks as if there was no such limit.

Introducing a compile-time limit has the unfortunate property that two cryptsetup binaries compiled with different settings won't be able to produce compatible key slots when pointed to key files that exceed this compiled-in limit.

Cheers,
--
Fruhwirth Clemens
http://clemens.endorphin.org