[dm-crypt] Pass+keyfile

0x14 at openmailbox.org
Mon Dec 1 03:54:19 CET 2014

Hi there, is this construction secure? Assuming "keyfile" is a file and 
"/dev/device" is a block device, both made with /dev/urandom.

cryptsetup open --hash=sha512 --cipher=aes-xts-plain64 --type=plain \
    keyfile keyfile_tmp && \
cat /dev/mapper/keyfile_tmp | \
    cryptsetup open --hash=sha512 --cipher=aes-xts-plain64 --type=plain \
    --key-file=- /dev/device cryptodevice && \
cryptsetup close keyfile_tmp && \
mount /dev/mapper/cryptodevice

The goal is to use pass+keyfile to decrypt storage. I put it in a script 
and it works as it should at a glance. Are there alternatives or 
improvements? Stupid errors maybe?
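The two-stage unlock above as a script, added here as an example and not the poster's own code. It keeps the same cipher, hash and plain-mode flags, but reads the key bytes with --key-file pointed at the opened keyfile mapping instead of piping through cat, and registers an EXIT trap so the temporary keyfile mapping is closed even if the second open fails (the && chain leaves keyfile_tmp open in that case). The CRYPTSETUP variable, the function names and the example paths are assumptions; the mount step is left to the caller.

```shell
#!/bin/sh
# Added example: passphrase-protected keyfile container, then the data device.
# Assumed defaults: CRYPTSETUP names the binary (overridable, e.g. for dry runs).
set -e

: "${CRYPTSETUP:=cryptsetup}"
CIPHER="aes-xts-plain64"
HASH="sha512"

# Stage 1: open the keyfile container; cryptsetup prompts for the passphrase.
#   $1 keyfile path   $2 mapping name for the decrypted keyfile
open_key_container() {
    "$CRYPTSETUP" open --type=plain --cipher="$CIPHER" --hash="$HASH" "$1" "$2"
}

# Stage 2: open the data device with the decrypted keyfile mapping as key material.
# Passing the mapping via --key-file avoids the cat pipe and an extra process
# holding the key bytes.
#   $1 keyfile mapping name   $2 data block device   $3 mapping name for the data
open_data_device() {
    "$CRYPTSETUP" open --type=plain --cipher="$CIPHER" --hash="$HASH" \
        --key-file="/dev/mapper/$1" "$2" "$3"
}

# Run both stages and always close the keyfile mapping afterwards.
#   $1 keyfile   $2 data device   $3 keyfile mapping   $4 data mapping
unlock() {
    key_map="$3"
    open_key_container "$1" "$key_map"
    # From here on, whatever fails, the plaintext keyfile mapping must go away.
    trap '"$CRYPTSETUP" close "$key_map" 2>/dev/null || true' EXIT
    open_data_device "$key_map" "$2" "$4"
    "$CRYPTSETUP" close "$key_map"
    trap - EXIT
}
```

Usage (as root): `unlock keyfile /dev/device keyfile_tmp cryptodevice && mount /dev/mapper/cryptodevice /mnt`. Setting `CRYPTSETUP=echo` prints the commands that would run without touching any device.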
