[dm-crypt] cryptsetup with Python subprocess + pipes

Milan Broz gmazyland at gmail.com
Fri Jun 24 07:42:30 CEST 2016


On 06/23/2016 11:37 PM, Police Terror wrote:
> Hello,
> 
> I'm trying to make a plausible deniability encryption wrapper around
> cryptsetup.
> 
> Basically it uses a hash table to first lookup an offset (encrypted with
> the password), then uses that offset to load a hidden volume within a
> contiguous file (within which other volumes may or may not exist).
> 
> The theory is solid, and everything is mostly working. The only problem
> I'm having is doing the communication in Python:
> 
>     # Format the volume
>     pipe = subprocess.Popen(["cryptsetup", "luksFormat", loop_device],
>                             stdout=subprocess.PIPE,
>                             stdin=subprocess.PIPE)
>     out = pipe.communicate(input=b"YES\n" + password)
>     if pipe.returncode:
>         error("Problem formatting volume.")
>         return pipe.returncode
> 
> For some reason, this does not give any output! But the volume gets
> created, but I cannot decrypt it with the password.

Probably because if you use pipe, cryptsetup will switch to batch
mode where there is no question and no output.

It is better to add batch mode (-q switch) explicitly and remove from
"YES\n" from your script (otherwise it becomes password ;-).

There is also simple Python pycryptsetup wrapper (it doesn't cover all
commands though).

Milan


More information about the dm-crypt mailing list