[dm-crypt] --key-file size...

Andrea niankirdiof at dunflimblag.mailexpire.com
Thu Jan 24 14:34:42 CET 2013


Hi all,
   and thanks a lot for your work.
   I'm a happy user of cryptsetup.
   I need to store hospital data, and I would like to use a big key
   file.
   Well, I checked for compile limits (Ubuntu 12.10)
   $ cryptsetup --help|grep -i maximum
     Maximum keyfile size: 8192kB, Maximum interactive passphrase length 512 (characters)

   Anyway, if I check with the simple script under, it seems cryptsetup ignore
   everything where $size > 32.

   What I am doing wrong?

Thanks a lot for your time,
A.

------------

#!/bin/bash

fdloopback="/tmp/loopback.dd"
fdkey="/tmp/key_master"
fdkeytmp="/tmp/key"
cryptname="keytest"

dd if=/dev/zero of=$fdloopback bs=1G count=0 seek=1
nettle-lfib-stream | dd of=$fdkey bs=1K count=8192 iflag=fullblock

losetup /dev/loop0 $fdloopback
  cryptsetup create $cryptname /dev/loop0 --key-file $fdkey
    mkfs.ext4 -q /dev/mapper/$cryptname -F
    sync
  cryptsetup remove $cryptname
losetup -d /dev/loop0

for size in $(seq 2 2 8192)
do
  dd if=$fdkey of=$fdkeytmp bs=1 count=$size
  losetup /dev/loop0 $fdloopback
    cryptsetup create $cryptname /dev/loop0 --key-file $fdkeytmp
      fsck /dev/mapper/$cryptname && echo "------> Good, " $size || echo "------> Bad, " $size
      sync
    cryptsetup remove $cryptname
  losetup -d /dev/loop0
  echo "Enter to go on";read trash
done


More information about the dm-crypt mailing list