To: Misha Gusarov, dm-crypt@saout.de
From: Milan Broz
Message-ID: <5f77202f-ac76-66c4-5700-e00e516f68e6@gmail.com>
Date: Tue, 22 Dec 2020 14:42:06 +0100
Subject: Re: [dm-crypt] Creating a LUKS container with a pre-made Argon hash

On 12/12/2020 00:07, Misha Gusarov wrote:
> I'm trying to do an unattended rollout of Linux installations with FDE
> set up.
> I would like to avoid storing credentials in the configuration
> repository though.
>
> Is there a way to pass a pre-made Argon password hash to cryptsetup to
> use to generate a new master key, or is the plaintext password needed
> for this operation?

No, there is no such function.

Not sure if I understand this use case, but you cannot regenerate the master (volume) key
without providing input that unlocks the keyslot that stores that key.
(Or you need to provide the whole binary keyslot area.)

But you can later regenerate the volume key with the reencrypt command.
(Some deployed systems call this during first boot.)

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
https://www.saout.de/mailman/listinfo/dm-crypt
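
The first-boot step mentioned in the reply above, sketched as an added example; it is not code from the thread or from the cryptsetup project. The function name, the stamp-file path and the device and key-file arguments are hypothetical, and the sketch assumes a LUKS2 device with a key file that opens one of its keyslots.

```sh
#!/bin/sh
# Added example: regenerate the volume key of a LUKS2 device once, at first boot.
# Hypothetical names: first_boot_rekey, STAMP and its path, the device and
# key-file arguments. isLuks and reencrypt are existing cryptsetup actions.

STAMP=${STAMP:-/var/lib/first-boot-rekey.done}

first_boot_rekey() {
    dev=$1
    keyfile=$2

    # Already done on an earlier boot: nothing to do.
    if [ -e "$STAMP" ]; then return 0; fi

    # reencrypt cannot work without input that unlocks a keyslot.
    if [ ! -r "$keyfile" ]; then
        echo "key file not readable: $keyfile" >&2
        return 1
    fi

    # This sketch handles LUKS2 only; refuse anything else.
    if ! cryptsetup isLuks --type luks2 "$dev"; then
        echo "not a LUKS2 device: $dev" >&2
        return 2
    fi

    # New volume key, data rewritten under it. The key file opens the keyslot
    # that holds the current key, as the reply above says is required.
    cryptsetup reencrypt --key-file "$keyfile" "$dev" || return 3

    # Record success so later boots skip the step.
    : > "$STAMP"
}

# Run only when called with a device and a key file, e.g. from a first-boot unit.
if [ "$#" -eq 2 ]; then
    first_boot_rekey "$1" "$2"
fi
```

reencrypt replaces the volume key only; the key file still opens its keyslot afterwards, so swapping that credential is a separate step.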