Home / server / Questions / 174701
In Process
Daniele
Asked: 2010-08-27 01:07:25 +0800 CST

Get cryptsetup working without typing a password

  • 772

I have used cryptsetup to encrypt an external hard drive.

I have no problem at using the encrypted hard drive in this way: 

/sbin/cryptsetup luksOpen /dev/sdc1 backup   
// typing password   
// mounting the partition   
// doing something   
// unmounting the partition  
/sbin/cryptsetup luksClose /dev/mapper/backup

But my next requirement was to be able to do it without the need of typing a password.

Then I created a binary file with the hash of my password via this command: 

hashalot -n 32 ripemd160 > volume_key

and then: 

/sbin/cryptsetup luksOpen -d volume_key /dev/sdc1 backup

but I get this error: 

Command failed: No key available with this passphrase.

Any ideas guys?

password encryption

3 Answers

  1. In case you land here like I did looking for the answer, it goes like this:

    Then I created a binary file with the hash of my password via this command:

     hashalot -n 32 ripemd160 > volume_key

    and then you must:

     /sbin/cryptsetup luksAddKey <device> volume_key       
 Enter any passphrase:   <- enter current passphrase aka: "typing password"

    Now cryptsetup has added your file (volume_key) as another key to your volume. Technically, you can use any file you want for this key. A jpg image, or even any file full of random text.

    Finally, now you can do this:

     /sbin/cryptsetup luksOpen -d volume_key /dev/sdc1 backup

    cryptsetup will use the key file if it is there, or ask for your passphrase if it cannot find the file.

    • 3

  2. cryptsetup man page suggests the following about the -d parameter: "If you want to set a new key via a key file, you have to use a positional arg to luksFormat or luksAddKey."

    • 1

  3. The contents of the volume_key file will be hashed by cryptsetup, so you don't need to do that yourself?

    • 1