[dm-crypt] pashphrase management question

Sven Eschenberg sven at whgl.uni-frankfurt.de
Wed Oct 26 23:21:56 CEST 2016



Am 26.10.2016 um 23:08 schrieb ClEmFoster:
> On Wed, October 26, 2016 2:39 pm, Michael Kjörling wrote:

>> luksChangeKey <device> [<new key file>]
>>
>> Changes an existing passphrase. The passphrase to be changed
>> must be supplied interactively or via --key-file. The new passphrase can be
>> supplied interactively or in a file given as positional argument. /.../
>> <options> can be [--key-file, --keyfile-offset, --keyfile-size,
>> --new-keyfile-offset, --new-keyfile-size, --key-slot].
>>
>>
>> That should be all you need.
>
> I did read that in the man page, but if you want a passphrase changed in
> that manor then you have to put the new and old passphrase in a file plain
> text.  Unless I am missing something.  I was hoping to fine some way to
> encrypt it before passing it in.  like you can do with other applications.
>

That makes absolutely no sense to me. Why would you want to encrypt a 
passphrase? Or in other words, what's wrong with binary files?
Or don't you want to store the files on disk? Then be reminded: STDIN 
and STDOUT are files, and can be connected to pipes.


>
>>
>>
>> --
>> Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
>> “People who think they know everything really annoy those of us who know
>> we don’t.” (Bjarne Stroustrup)
>> _______________________________________________
>> dm-crypt mailing list dm-crypt at saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>>
>>
>>
>
>
> Thanks
>
> Travis
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

-Sven


More information about the dm-crypt mailing list