From: "Nico R." <n-roeser@gmx.net>
To: dm-crypt@saout.de
Subject: [dm-crypt] Problem with piped passphrases containing newline character
Date: Thu, 27 May 2010 00:48:36 +0200 [thread overview]
Message-ID: <4BFDA544.1060707@gmx.net> (raw)
[-- Attachment #1: Type: text/plain, Size: 2070 bytes --]
Hello!
I am using some code like the following in order to initialize and open
LUKS containers:
$ gpg -d < secret.asc | sudo \
cryptsetup luksFormat /dev/$DEVICE -
$ gpg -d < secret.asc | sudo \
cryptsetup --key-file=- luksOpen /dev/$DEVICE blah
secret.asc is a file encrypted with GnuPG, which contains unknown
(possibly random) data. It usually includes at least one newline character.
The above commands have been carefully crafted after reading the man
page over and over (especially the parts about reading passphrases from
standard input or a pipe, and about newline handling), and after
studying the relevant parts of the code. I believe that this was the
proper way to use passphrases which are binary blobs with cryptsetup
versions around 1.0.6.
It used to work properly with cryptsetup-1.0.6. However, I am now
experiencing an error with cryptsetup-1.1.1 if the passphrase is
containing a newline character. I am using a simplified testcase to show
the problem. The following commands are written for bash. I assume that
there is a block device named /dev/loop0 which has enough space to hold
a LUKS container.
$ export LC_ALL=POSIX
$ echo -n $'foo\nbar' | sudo \
cryptsetup luksFormat /dev/loop0 -
$ echo -n $'foo\nbar' | sudo \
cryptsetup --key-file=- luksOpen /dev/loop0 testing
No key available with this passphrase.
At first it seemed to be related to issue 52[1], but trying out the svn
revisions around 208 did not confirm that assumption.
I svn-bisect[2]-ed the problem, and found out that the change in
behavior was probably introduced somewhere between r109 and r124
(inclusively, each). I have not digged even more deeply into it, because
I currently do not understand the tricky details.
This is probably a bug in the code, or the documentation is misleading.
Or am I using cryptsetup improperly and am I misunderstanding its manpage?
[1] https://code.google.com/p/cryptsetup/issues/detail?id=52
[2] http://search.cpan.org/perldoc?svn-bisect
Thanks
--
Nico
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next reply other threads:[~2010-05-26 22:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-26 22:48 Nico R. [this message]
2010-05-27 9:20 ` [dm-crypt] Problem with piped passphrases containing newline character Milan Broz
2010-05-28 8:34 ` Nico R.
2010-05-28 8:43 ` Milan Broz
2010-05-28 9:06 ` Nico R.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BFDA544.1060707@gmx.net \
--to=n-roeser@gmx.net \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox