[dm-crypt] luksAddKey successful but not working

Arno Wagner arno at wagner.name
Wed May 22 16:33:45 CEST 2013

A look into the man-page of cryptsetup shows that luksAddKey does
not write the key-file, but reads it. I am surprised though that
cryptsetup does not complain that the file is missing. With my
system (cryptsetup 1.6.0) it does:

# cryptsetup luksAddKey /dev/loop0 keyfile
Enter any passphrase:
Failed to open key file.    <---

Have you created "keyfile" before? If so, you just added the empty 
passphrase to your device, something you probably do not want to do.


On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote:
> Help! I've nearly broken my desk banging my head against this problem. I am
> using Red Hat 5.9 base install and trying to set the LUKS volume to come
> on-line on boot.
> The volume can be manually mounted. However, when I try to create the key
> file it becomes a 0 length file and does not work when the system boots.
> cryptsetup luksAddKey /dev/sda2 keyfile
> Enter any LUKS passphrase:
> Verify passphrase:
> key slot 0 unlocked.
> Command successful.
> ls -lart keyfile
> -rw------- 1 root root 0 May 22 08:42 keyfile
> cat /etc/crypttab
> luks /dev/sda2 /root/keyfile luks
> This is probably operator error but I'm not sure where to look. Any help
> appreciated!
> Leam
> -- 
> Mind on a Mission <http://leamhall.blogspot.com/>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

More information about the dm-crypt mailing list