public inbox for cryptsetup@lists.linux.dev
From: Milan Broz <gmazyland@gmail.com>
To: cryptsetup development <cryptsetup@lists.linux.dev>
Subject: Re: Unlock a Veracrypt/Truecrypt partition which uses a keyfile with a passphrase from /etc/crypttab
Date: Tue, 22 Aug 2023 12:00:46 +0200
Message-ID: <4c815cd4-ad8c-4053-ae40-5e75010d6256@gmail.com>
In-Reply-To: <CALmZR2OZ0sKRui1Eu1FxQzBCBhvHHXbsHipGq+jfPUcteROS9A@mail.gmail.com>

On 8/22/23 11:31, Kent Larsson wrote:
> Hi! I have a Veracrypt (/Truecrypt) volume, which I can successfully
> unlock manually by providing a key file and passphrase:
> 
>      # cryptsetup --type tcrypt --key-file /.keyfile open /dev/nvme0n1p5 shared
>      Enter passphrase for /dev/nvme0n1p5:
> 
> Only root has `rw` on the key file, a binary file of 64 bytes.
> 
>      # ls -l /.keyfile
>      -rw------- 1 root root 64 aug 21 08:09 /.keyfile
>      # file /.keyfile
>      /.keyfile: data
>      # du -b /.keyfile
>      64 /.keyfile
> 
> Is there a way to unlock a Veracrypt (/Truecrypt, `/dev/nvme0n1p5` in
> my case) partition that uses a key file with a password in
> `/etc/crypttab`?

Crypttab should support a keyfile as a standard option (3rd option), see
https://www.freedesktop.org/software/systemd/man/crypttab.html

There was even a dependency mechanism in systemd that mounts the device
with the keyfile if not yet mounted.

(Crypttab is processed by systemd, not cryptsetup itself. Ignoring
the old crypttab processing - but even there the keyfile option was present.)

Milan

> 
> I have tried constructing a file with the structure
> `{passphrase}{newline}{key file contents}` and manually using it to
> unlock as above, but I still got the passphrase question. To create
> that file, I did the following:
> 
>      # echo 'mypassword' > /.keyfile_psw
>      # cat /.keyfile >> /.keyfile_psw
> 
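
Added example, not part of the thread and not code from systemd or cryptsetup: a shell check for a crypttab line of the kind asked about above. It assumes the layout in the crypttab(5) page linked in the reply, where a tcrypt volume reads its passphrase from the first line of the file in the third field and takes key files from `tcrypt-keyfile=`; the function name, the passphrase file and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint one crypttab line for a tcrypt (TrueCrypt/VeraCrypt) volume.
# Assumed layout per systemd crypttab(5): name, device, passphrase file, options;
# key files are listed with tcrypt-keyfile=. Paths containing spaces are not handled.
check_tcrypt_entry() {
    read -r name dev passfile opts <<EOF
$1
EOF
    rc=0; has_tcrypt=0; files=
    old_ifs=$IFS; IFS=,
    for opt in $opts; do
        case $opt in
            tcrypt) has_tcrypt=1 ;;
            tcrypt-keyfile=*) files="$files ${opt#tcrypt-keyfile=}" ;;
        esac
    done
    IFS=$old_ifs
    [ "$has_tcrypt" -eq 1 ] || { echo "$name ($dev): tcrypt option missing"; rc=1; }
    case $passfile in
        ''|none|-) echo "$name ($dev): no passphrase file, unlock will prompt" ;;
        *) files="$files $passfile" ;;
    esac
    for f in $files; do
        if [ ! -f "$f" ]; then
            echo "$name: $f does not exist"; rc=1
        # Characters 5-10 of the ls mode string are the group and other bits.
        elif [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "$name: $f is accessible to group or others"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: temporary files stand in for the passphrase file and /.keyfile.
d=$(mktemp -d)
printf 'mypassword\n' > "$d/passphrase"; printf 'constructed-key-bytes' > "$d/keyfile"
chmod 600 "$d/passphrase" "$d/keyfile"
check_tcrypt_entry "shared /dev/nvme0n1p5 $d/passphrase tcrypt,tcrypt-veracrypt,tcrypt-keyfile=$d/keyfile" \
    && echo "entry looks sane"
chmod 644 "$d/keyfile"    # loosen the key file: the check must now complain
check_tcrypt_entry "shared /dev/nvme0n1p5 $d/passphrase tcrypt,tcrypt-keyfile=$d/keyfile" \
    || echo "entry rejected"
rm -rf "$d"
```

The check covers file modes only; ownership and the placement of the secret files relative to the encrypted root still need review by hand.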
