Re: Can AddKey not use stdin for the new key?

[Chris X Edwards <chris@xed.ch>]

That is a sensible addition. I would have assumed that rather than
have some possibly randomly occurring newline (or whatever the problem
is) the straight echo would at least put the newline in a safe
(ignorable) place in my previous example. However, even using `-n` I
get the same situation.

    $ echo -n "simple" > simplekey
    $ cat simplekey |  cryptsetup luksAddKey /dev/sdb --new-keyfile - --new-key-slot 1
    No key available with this passphrase.

That's definitely a smart thing to try to rule out newline mischief
but the error message makes me think that it's just looking for the
authorizing passphrase using the new key I'm trying to add (which is
different behavior than when I actually specify a file). That may be
the case, but I'm not sure.

Thanks,
Chris


On 2023-08-24 17:23 +0200, Arno Wagner wrote:
> Make that "echo -n" and try again ;-)
> 
> Arno
> 
> 
> On Thu, Aug 24, 2023 at 17:06:33 CEST, Chris X Edwards wrote:
> > Hi,
> > Thanks for the reply. I did see this in the man page. Am I right to
> > assume this suggestion doesn't relate to the "how much time" aspect of
> > this passage? This leaves the much more treacherous formatting details
> > between the input modes. Certainly a cause for concern. The reason I
> > concluded this was an unlikely cause is that the Remove works as I
> > would imagine (with a piped key) and the Add does not. 
> > 
> > Another check is to go with a very simple passphrase key that can not
> > possibly have newline entanglements. (That's the goal, correct me if I'm
> > wrong.) We can start with a very simple key file.
> > 
> >     echo "simple" > simplekey
> > 
> > Let's try just the file.
> > 
> >     cryptsetup luksAddKey /dev/sdb --new-keyfile simplekey --new-key-slot 1
> >     Enter any existing passphrase: 
> > 
> > Works fine. (Passphrase to add is for existing slot 0 as desired.) Now
> > removing it.
> > 
> >     cat simplekey | cryptsetup luksRemoveKey /dev/sdb -
> > 
> > Works fine. Now try adding again but with piping instead of the file.
> > 
> >     cat simplekey | cryptsetup luksAddKey /dev/sdb --new-keyfile - --new-key-slot 1
> >     No key available with this passphrase.
> > 
> > And fail.
> > 
> > This may be a basic limitation of what is possible, but I'm just
> > trying to establish that fact clearly so I can give up on my dream of
> > using cryptsetup in the elegant way I imagine it can be used. :-)
> > 
> > Thanks,
> > Chris

-- 
++++++++++[>++++++++++++<-]>-...<++++++[>>+++++++<<-]>>++++.<+.<++++[>
Chris X Edwards-----<-]>+.- Have a nice day. >.<-.+++++><chris@xed.ch>