Date: Fri, 7 Nov 2014 19:56:44 +0100
From: Arno Wagner
Message-ID: <20141107185644.GA14462@tansi.org>
References: <545CF49F.9040305@jelmail.com>
In-Reply-To: <545CF49F.9040305@jelmail.com>
Subject: Re: [dm-crypt] How can I write a passphrase hash to key file for plain dm-crypt ?
To: dm-crypt@saout.de

Hi John,

the cryptsetup man-page has additional information about the
different ways a passphrase can be passed to it and what the
conventions are in section "NOTES ON PASSPHRASE PROCESSING FOR
PLAIN MODE". That should get you started.

If you want to generate a key that is the same as generated by
a specific passphrase, the easiest way is probably to map the
container with the passphrase and then extract the key from
dm-crypt. I am not sure this works, but if it does, FAQ Item 6.10
has the information. dm-crypt just gets a cipher and a key and
does not know whether that key is a LUKS master key or a plain
key.

Your example may fail because of differences in padding,
for example. Also note that

  sha512sum <<< 'my_passphrase' | head -c 128 > mykey

produces an ASCII representation of the hash truncated to 128
characters, while you probably want a binary representation
that is 128 bit long.

Arno

On Fri, Nov 07, 2014 at 17:34:39 CET, John Lane wrote:
> I'm trying to use plain dm-crypt. I have an example like this
>
> $ cryptsetup open /dev/sda mydisk --type plain --hash sha512
>
> that works fine. I enter 'password' as the pass phrase when requested.
>
> I want to create an equivalent key-file so that I can do
>
> $ cryptsetup open /dev/sda mydisk --type plain --key-file mykey
>
> I couldn't find a cryptsetup command to do this, so I tried these:
>
> $ openssl dgst -sha512 -binary <<< 'password' > mykey
> also
> $ sha512sum <<< 'my_passphrase' | head -c 128 > mykey
>
> without success.
>
> As I understand it, the key file contains a binary key that is used
> as-is, so I would have thought the first try above would have worked. I
> even used xxd to check that mykey contained the hash in binary data.
>
> How can I make a key-file that is equivalent to a keyed-in passphrase?
>
> Thanks in advance.

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
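Added example (not part of the original thread, and not cryptsetup's own code): a POSIX sh sketch that compares the byte streams the two quoted commands would write with the raw SHA-512 of the passphrase as typed at a prompt, i.e. without a trailing newline. The function names and the sample passphrase are constructed for illustration; whether the as-typed digest is accepted as an equivalent key file also depends on the key size in use, which this sketch does not check.

```shell
#!/bin/sh
# Added example. The passphrase is a constructed sample; only pipes are
# used, no block device or cryptsetup call is involved.

# SHA-512 of stdin as 128 hex characters (the "  -" suffix is dropped).
hex_digest() { sha512sum | cut -d' ' -f1; }

# Turn an even-length hex string on stdin into raw bytes on stdout.
hex_to_bin() {
    hex=$(cat)
    while [ -n "$hex" ]; do
        rest=${hex#??}          # everything after the first two digits
        pair=${hex%"$rest"}     # the first two digits
        printf "\\$(printf '%03o' "0x$pair")"
        hex=$rest
    done
}

# Digest of the passphrase exactly as typed at the prompt: no newline.
key_as_typed() { printf '%s' "$1" | hex_digest | hex_to_bin; }

# What `openssl dgst -sha512 -binary <<< "$1"` hashes: bash's here-string
# appends a newline, so the hashed input is passphrase + "\n".
key_herestring() { printf '%s\n' "$1" | hex_digest | hex_to_bin; }

# What `sha512sum <<< "$1" | head -c 128` writes: 128 ASCII hex characters.
key_hex_ascii() { printf '%s\n' "$1" | sha512sum | head -c 128; }

byte_count() { wc -c | tr -d ' '; }

# First 8 bytes as hex, for eyeballing the difference.
prefix_hex() { od -An -tx1 -N8 | tr -d ' \n'; }

pass='password'   # constructed sample
for f in key_as_typed key_herestring key_hex_ascii; do
    printf '%-15s %3s bytes  starts %s\n' "$f" \
        "$("$f" "$pass" | byte_count)" "$("$f" "$pass" | prefix_hex)"
done
```

The first two outputs are both 64 raw bytes but differ in content because of the newline; the third is 128 bytes of hex text rather than a binary digest.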