[dm-crypt] How can I write a passphrase hash to key file for plain dm-crypt ?
arno at wagner.name
Fri Nov 7 19:56:44 CET 2014
the cryptsetup man-page has additional information about the
different ways a passphrase can be passed to it and what the
conventions are in section "NOTES ON PASSPHRASE PROCESSING
FOR PLAIN MODE". That should get you started.
If you want to generate a key that is the same as generated
by a specific passphrase, the easiest way is probably to
map the container with the passphrase and then extract the
key from dm-crypt. I am not sure this works, but if it does,
FAQ Item 6.10 has the information. dm-crypt just gets a
cipher and a key and does not know whether that key is a
LUKS master key or a plain key.
Your example may fail because of differences in padding,
for example. Also note that
sha512sum <<< 'my_passphrase' | head -c 128 > mykey
produces an ASCII representation of the hash truncated to
128 characters, while you probably want a binary representation
that is 128 bit long.
On Fri, Nov 07, 2014 at 17:34:39 CET, John Lane wrote:
> I'm trying to use plain dm-crypt. I have an example like this
> $ cryptsetup open /dev/sda mydisk --type plain --hash sha512
> that works fine. I enter 'password' as the pass phrase when requested.
> I want to create an equivalent key-file so that I can do
> $ cryptsetup open /dev/sda mydisk --type plain --key-file mykey
> I couldn't find a cryptsetup command do to this, so I tried these:
> $ openssl dgst -sha512 -binary <<< 'password' > mykey
> $ sha512sum <<< 'my_passphrase' | head -c 128 > mykey
> without success.
> As I understand it, the key file contains a binary key that is used
> as-is, so I would have thought the first try above would have worked. I
> even used xxd to check that mykey contained the hash in binary data.
> How can I make a key-file that is equivalent to a keyed-in passphrase?
> Thanks in advance.
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt