[dm-crypt] cryptsetup with Python subprocess + pipes

Police Terror PoliceTerror at dyne.org
Thu Jun 23 23:37:13 CEST 2016


Hello,

I'm trying to make a plausible deniability encryption wrapper around
cryptsetup.

Basically it uses a hash table to first lookup an offset (encrypted with
the password), then uses that offset to load a hidden volume within a
contiguous file (within which other volumes may or may not exist).

The theory is solid, and everything is mostly working. The only problem
I'm having is doing the communication in Python:

    # Format the volume
    pipe = subprocess.Popen(["cryptsetup", "luksFormat", loop_device],
                            stdout=subprocess.PIPE,
                            stdin=subprocess.PIPE)
    out = pipe.communicate(input=b"YES\n" + password)
    if pipe.returncode:
        error("Problem formatting volume.")
        return pipe.returncode

For some reason, this does not give any output! But the volume gets
created, but I cannot decrypt it with the password.

I don't want to save the password to disk, so I cannot use --key-file.

For some reason, this works with other commands, just not cryptsetup. I
think it is suppressing output and stopping me doing this. Why?

Any help?

Thanks.


More information about the dm-crypt mailing list