From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mail.saout.de (Postfix) with ESMTP for ; Tue, 13 Jul 2010 23:12:43 +0200 (CEST) Message-ID: <4C3CD6C8.6020303@redhat.com> Date: Tue, 13 Jul 2010 23:12:40 +0200 From: Milan Broz MIME-Version: 1.0 References: <1279054281.867.5.camel@Koma-Station.localdomain> In-Reply-To: <1279054281.867.5.camel@Koma-Station.localdomain> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Wrong behavior? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Sven Eschenberg Cc: dm-crypt@saout.de On 07/13/2010 10:51 PM, Sven Eschenberg wrote: > Hi list, I just tried to issue the following command: > > cryptsetup -c aes-xts-plain -s 256 -i 5000 > --master-key-file /kspace/tmpmaster > luksFormat /dev/md125 /kspace/tmpkey.0 > > where tmpmaster and tmpkey.0 are binary files with entropy I wish to use > for (tmpmaster) master key for the volume and (tmpkey.0) passphrase/key > in key slot 0. > > When I run the command, cryptsetup asks for a passphrase nevertheless, > although it is stated: > > luksFormat [] - formats a LUKS device > > As an alternative, I tried passing the key file for the slot via > --key-file since the manpage states this has precedence if used. No > change though. > > Is this a know bug? you mean that keyfile should be used there? Yes, I think it is not supported yet, easy to fix it though, can you please add this to issues on google page? (I'll fix it but later.) (that option was meant for key escrow recovery mainly, for format you want to use RNG generated master key in most situations) Milan > P.S.: Do I remember correctly, that the payload offset given by luksDump > is always in 512 bytes sectors? yes.