* Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab
@ 2023-08-22 9:31 Kent Larsson
2023-08-22 9:37 ` Arno Wagner
2023-08-22 10:00 ` Milan Broz
0 siblings, 2 replies; 6+ messages in thread
From: Kent Larsson @ 2023-08-22 9:31 UTC (permalink / raw)
To: cryptsetup
Hi! I have a Veracrypt (/Truecrypt) volume, which I can successfully
unlock manually by providing a key file and passphrase:
# cryptsetup --type tcrypt --key-file /.keyfile open /dev/nvme0n1p5 shared
Enter passphrase for /dev/nvme0n1p5:
Only root has `rw` on the key file, a binary file of 64 bytes.
# ls -l /.keyfile
-rw------- 1 root root 64 aug 21 08:09 /.keyfile
# file /.keyfile
/.keyfile: data
# du -b /.keyfile
64 /.keyfile
Is there a way to unlock a Veracrypt (/Truecrypt, `/dev/nvme0n1p5` in
my case) partition that uses a key file with a password in
`/etc/crypttab`?
I have tried constructing a file with the structure
`{passphrase}{newline}{key file contents}` and manually using it to
unlock as above, but I still got the passphrase question. To create
that file, I did the following:
# echo 'mypassword' > /.keyfile_psw
# cat /.keyfile >> /.keyfile_psw
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab
2023-08-22 9:31 Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab Kent Larsson
@ 2023-08-22 9:37 ` Arno Wagner
2023-08-22 10:01 ` Milan Broz
2023-08-22 10:00 ` Milan Broz
1 sibling, 1 reply; 6+ messages in thread
From: Arno Wagner @ 2023-08-22 9:37 UTC (permalink / raw)
To: cryptsetup
That sounds like a question for the Veracrypt maintainers.
/etc/crypttab is not even used by cryptestup, the topic
of this mailing list.
Regards,
Arno
On Tue, Aug 22, 2023 at 11:31:33 CEST, Kent Larsson wrote:
> Hi! I have a Veracrypt (/Truecrypt) volume, which I can successfully
> unlock manually by providing a key file and passphrase:
>
> # cryptsetup --type tcrypt --key-file /.keyfile open /dev/nvme0n1p5 shared
> Enter passphrase for /dev/nvme0n1p5:
>
> Only root has `rw` on the key file, a binary file of 64 bytes.
>
> # ls -l /.keyfile
> -rw------- 1 root root 64 aug 21 08:09 /.keyfile
> # file /.keyfile
> /.keyfile: data
> # du -b /.keyfile
> 64 /.keyfile
>
> Is there a way to unlock a Veracrypt (/Truecrypt, `/dev/nvme0n1p5` in
> my case) partition that uses a key file with a password in
> `/etc/crypttab`?
>
> I have tried constructing a file with the structure
> `{passphrase}{newline}{key file contents}` and manually using it to
> unlock as above, but I still got the passphrase question. To create
> that file, I did the following:
>
> # echo 'mypassword' > /.keyfile_psw
> # cat /.keyfile >> /.keyfile_psw
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab
2023-08-22 9:37 ` Arno Wagner
@ 2023-08-22 10:01 ` Milan Broz
2023-08-22 10:09 ` Arno Wagner
0 siblings, 1 reply; 6+ messages in thread
From: Milan Broz @ 2023-08-22 10:01 UTC (permalink / raw)
To: cryptsetup development
On 8/22/23 11:37, Arno Wagner wrote:
> That sounds like a question for the Veracrypt maintainers.
> /etc/crypttab is not even used by cryptestup, the topic
> of this mailing list.
Actually, this has nothing to do with Veracrypt code, systemd crypttab
supports mounting of Veracrypt volumes through libcryptsetup.
Milan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab
2023-08-22 10:01 ` Milan Broz
@ 2023-08-22 10:09 ` Arno Wagner
2023-08-22 10:16 ` Milan Broz
0 siblings, 1 reply; 6+ messages in thread
From: Arno Wagner @ 2023-08-22 10:09 UTC (permalink / raw)
To: cryptsetup development
On Tue, Aug 22, 2023 at 12:01:37 CEST, Milan Broz wrote:
> On 8/22/23 11:37, Arno Wagner wrote:
> > That sounds like a question for the Veracrypt maintainers.
> > /etc/crypttab is not even used by cryptestup, the topic
> > of this mailing list.
>
> Actually, this has nothing to do with Veracrypt code, systemd crypttab
> supports mounting of Veracrypt volumes through libcryptsetup.
>
> Milan
Thanks for the correction. I would not know, I am still
running systemd-free and have no intentions of changing that.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab
2023-08-22 10:09 ` Arno Wagner
@ 2023-08-22 10:16 ` Milan Broz
0 siblings, 0 replies; 6+ messages in thread
From: Milan Broz @ 2023-08-22 10:16 UTC (permalink / raw)
To: cryptsetup development
On 8/22/23 12:09, Arno Wagner wrote:
> On Tue, Aug 22, 2023 at 12:01:37 CEST, Milan Broz wrote:
>> On 8/22/23 11:37, Arno Wagner wrote:
>>> That sounds like a question for the Veracrypt maintainers.
>>> /etc/crypttab is not even used by cryptestup, the topic
>>> of this mailing list.
>>
>> Actually, this has nothing to do with Veracrypt code, systemd crypttab
>> supports mounting of Veracrypt volumes through libcryptsetup.
>>
>> Milan
>
> Thanks for the correction. I would not know, I am still
> running systemd-free and have no intentions of changing that.
I think Debian non-systemd crypttab parsing supports tcrypt
libcryptsetup mounting options as well - I was quite surprised too :)
Milan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab
2023-08-22 9:31 Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab Kent Larsson
2023-08-22 9:37 ` Arno Wagner
@ 2023-08-22 10:00 ` Milan Broz
1 sibling, 0 replies; 6+ messages in thread
From: Milan Broz @ 2023-08-22 10:00 UTC (permalink / raw)
To: cryptsetup development
On 8/22/23 11:31, Kent Larsson wrote:
> Hi! I have a Veracrypt (/Truecrypt) volume, which I can successfully
> unlock manually by providing a key file and passphrase:
>
> # cryptsetup --type tcrypt --key-file /.keyfile open /dev/nvme0n1p5 shared
> Enter passphrase for /dev/nvme0n1p5:
>
> Only root has `rw` on the key file, a binary file of 64 bytes.
>
> # ls -l /.keyfile
> -rw------- 1 root root 64 aug 21 08:09 /.keyfile
> # file /.keyfile
> /.keyfile: data
> # du -b /.keyfile
> 64 /.keyfile
>
> Is there a way to unlock a Veracrypt (/Truecrypt, `/dev/nvme0n1p5` in
> my case) partition that uses a key file with a password in
> `/etc/crypttab`?
Crypttab should support keyfile as standard option (3rd option), see
https://www.freedesktop.org/software/systemd/man/crypttab.html
There was even dependency mechanism in systemd that mounts the device
with keyfile if not yet mounted.
(Crypttab is processed by systemd not cryptsetup itself. Ignoring
the old crypttab processing - but even there keyfile option was present.)
Milan
>
> I have tried constructing a file with the structure
> `{passphrase}{newline}{key file contents}` and manually using it to
> unlock as above, but I still got the passphrase question. To create
> that file, I did the following:
>
> # echo 'mypassword' > /.keyfile_psw
> # cat /.keyfile >> /.keyfile_psw
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-08-22 10:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-22 9:31 Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab Kent Larsson
2023-08-22 9:37 ` Arno Wagner
2023-08-22 10:01 ` Milan Broz
2023-08-22 10:09 ` Arno Wagner
2023-08-22 10:16 ` Milan Broz
2023-08-22 10:00 ` Milan Broz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox