Home / server / Questions / 742675
Accepted
Greendrake
Asked: 2015-12-13 14:52:55 +0800 CST

cryptsetup luksOpen key-file does not work

  • 772

I am getting "No key available with this passphrase." when trying:

sudo cryptsetup open --type luks /dev/sdc storage --key-file=/path/to/keyfile

The /path/to/keyfile file contains just the passphrase in plain text.

If I enter the same passphrase when asked interactively:

sudo cryptsetup open --type luks /dev/sdc storage

then it works.

Why would --key-file not work in this case? This is Ubuntu 14.04 @ Linux 3.13.0-68.

disk-encryption

2 Answers

  1. Best Answer

    My guess is that you have a trailing newline at the end of your keyfile. This will be used as part of the key so you will need to remove it.

    You might try 

    perl -pi -e 'chomp if eof' /path/to/file

    to remove it. e.g.

    A keyfile with text

    fred\n

    We can use od to see the contents of the file

    od -x keyfile
0000000 7266 6465 000a
0000005

    then after the perl script is run on it

    od -x keyfile
0000000 7266 6465
0000004
    • 5

  2. You have misinterpreted the use of --key-file. The key file is a file with data (usually random data) that is used to unlock the medium, not a file where a password is stored in plain text.
    Thus, you would create a key-file then add that key-file as a key to unlock the medium. Then, you need to keep that key-file safe, to secure your encrypted medium. One way to generate and add a key-file can be found here: HowToForge instruction

    • 0