Home / server / Questions / 513605
Accepted
Hongli Lai
Asked: 2013-06-06 15:35:51 +0800 CST

How to non-interactively supply a passphrase to 'dmcrypt luksFormat'?

  • 772

I'm writing a script which automatically sets up testing environment virtual machines. This script should automatically format a dmcrypt+LUKS partition for me, with a certain passphrase. Because this is a local testing environment I don't care about the security of the passphrase, I just want the entire VM setup process to be automated and non-interactive.

How can I non-interactively supply a passphrase to 'dmcrypt luksFormat'? I want to use passphrases, not keys, because in production we use passphrases for LUKS as well.

luks

2 Answers

  1. Best Answer

    The first thing to do is to call the right command: it's cryptsetup, not dmcrypt.

    cryptsetup luksFormat /dev/vda2

    The second thing is that you can pass another argument to read the passphrase from a file, or from standard input (using -).

    echo -n "This isn't a very secure passphrase." | cryptsetup luksFormat /dev/vda2 -

    Note that the -n flag is necessary in echo to prevent a line feed from being appended to the password.

    See the cryptsetup man page for other ways to pass the key material in.

    • 20

  2. How to send passphrase with sudo

    echo 'passphraze' | echo 'sudopass' | sudo -S cryptsetup luksOpen /dev/sda5 media -d -
    • 1