[dm-crypt] Wrong behavior?

Milan Broz mbroz at redhat.com
Tue Jul 13 23:12:40 CEST 2010


On 07/13/2010 10:51 PM, Sven Eschenberg wrote:
> Hi list, I just tried to issue the following command:
> 
> cryptsetup -c aes-xts-plain -s 256 -i 5000
> --master-key-file /kspace/tmpmaster
> luksFormat /dev/md125 /kspace/tmpkey.0
> 
> where tmpmaster and tmpkey.0 are binary files with entropy I wish to use
> for (tmpmaster) master key for the volume and (tmpkey.0) passphrase/key
> in key slot 0.
> 
> When I run the command, cryptsetup asks for a passphrase nevertheless,
> although it is stated:
> 
> luksFormat <device> [<new key file>] - formats a LUKS device
> 
> As an alternative, I tried passing the key file for the slot via
> --key-file since the manpage states this has precedence if used. No
> change though.
> 
> Is this a know bug?

you mean that keyfile should be used there?

Yes, I think it is not supported yet, easy to fix it though, can you please
add this to issues on google page?
(I'll fix it but later.)

(that option was meant for key escrow recovery mainly, for format you want
to use RNG generated master key in most situations)

Milan


> P.S.: Do I remember correctly, that the payload offset given by luksDump
> is always in 512 bytes sectors?

yes.



More information about the dm-crypt mailing list