On 09/14/2015 02:45 PM, Digimer wrote:
I tried this (cryptsetup --hash plain luksOpen /dev/sdb1 sdb1) but it fails to recognize the passphrase at the command line still. When I tried to use '--hash plain' on luksFormat, I get:
I don't know why Robert suggested that you try that. It's wrong. You would only use that to provide a binary key to cryptsetup, not a passphrase as you're trying to do.
I can't replicate your problem. Using --key-file works correctly for me. You said that you used "cat -A" to verify that there's no newline in the key file. I'd suggest that "od -c" is a better test. cat doesn't even really need the -A to check for a newline; after printing a file to the terminal with cat, your prompt will appear on the same line as the file's content if the file has no newline (for most prompt definitions).
Anyway, below is the terminal output of a session where I create a LUKS device using --key-file and then open it by manually typing the passphrase.
# dd if=/dev/zero of=crypttest bs=1M count=100 100+0 records in 100+0 records out 104857600 bytes (105 MB) copied, 0.0810213 s, 1.3 GB/s # losetup -f crypttest # echo -n thisismypassphrase > cryptfoo # od -c cryptfoo 0000000 t h i s i s m y p a s s p h r a 0000020 s e 0000022 # cryptsetup luksFormat --key-file cryptfoo /dev/loop0
WARNING! ======== This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES # cryptsetup luksOpen /dev/loop0 cdev Enter passphrase for /root/crypttest: # ls -l /dev/mapper/cdev lrwxrwxrwx. 1 root root 7 Sep 15 09:31 /dev/mapper/cdev -> ../dm-4