From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Sun, 9 Aug 2020 09:52:01 +0200 (CEST) Received: by mail-ed1-x531.google.com with SMTP id ba10so4217229edb.3 for ; Sun, 09 Aug 2020 00:52:01 -0700 (PDT) References: <173d0f6cd51.fb4f7ba8559099.2318785520831138201@xoxy.net> From: Milan Broz Message-ID: <6da32af3-6bd2-4a84-cf93-0c3d71a66a1f@gmail.com> Date: Sun, 9 Aug 2020 09:51:58 +0200 MIME-Version: 1.0 In-Reply-To: <173d0f6cd51.fb4f7ba8559099.2318785520831138201@xoxy.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Unattended generation/opening. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Diagon , dm-crypt On 09/08/2020 04:05, Diagon wrote: > Could someone let me know what I'm doing wrong here? I'm trying to do this in a script, but it doesn't work on the command line, either: > > $ echo "lukssecpwd" | sudo cryptsetup -c twofish-xts-plain64 -s 512 luksFormat /dev/loop5 - Remove that dash in the end of the line. It will switch to keyfile mode and EOL characted (\r) becomes part of the unlocking passphrase. Alternatively you can do in format: echo -n "lukssecpwd" .. > $ echo "lukssecpwd" | sudo cryptsetup open /dev/loop5 crypt.secret You will have to use "--key-file -" to do the same trick. Ream man page section NOTES ON PASSPHRASE PROCESSING FOR LUKS. Milan