4

I have used cryptsetup to encrypt an external hard drive.

I have no problem using the encrypted hard drive this way:

```
/sbin/cryptsetup luksOpen /dev/sdc1 backup
# typing password
# mounting the partition
# doing something
# unmounting the partition
/sbin/cryptsetup luksClose /dev/mapper/backup
```

But my next requirement was to be able to do it without the need of typing a password.

Then I created a binary file with the hash of my password via this command:

```
hashalot -n 32 ripemd160 > volume_key
```

and then:

```
/sbin/cryptsetup luksOpen -d volume_key /dev/sdc1 backup
```

but I get this error:

```
Command failed: No key available with this passphrase.
```

Any ideas, guys?

Daniele

3 Answers

3

In case you land here like I did looking for the answer, it goes like this:

Then I created a binary file with the hash of my password via this command:

```
hashalot -n 32 ripemd160 > volume_key
```

and then you must:

```
/sbin/cryptsetup luksAddKey <device> volume_key
Enter any passphrase:   <- enter current passphrase aka: "typing password"
```

Now cryptsetup has added your file (volume_key) as another key to your volume. Technically, you can use any file you want for this key. A jpg image, or even any file full of random text.

Finally, now you can do this:

```
/sbin/cryptsetup luksOpen -d volume_key /dev/sdc1 backup
```

cryptsetup will use the key file if it is there, or ask for your passphrase if it cannot find the file.

alchemy
ndasusers
  • Since luksAddKey creates the hashed volume-key, but complains if there is no file, use: `dd if=/dev/urandom of=/root/container-key bs=512 count=8 && /sbin/cryptsetup luksAddKey <device> /root/container-key` then `echo '/media/user/progs /root/container-key luks,nofail' >> /etc/crypttab` (can use UUID) – alchemy Mar 18 '22 at 04:22
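
The procedure from the answer above (create a key file, enroll it with `luksAddKey`, then confirm it unlocks the volume), as an added example that is not part of the original posts. The function names, the 4096-byte key size and the `/root/backup.key` path are assumptions; enrolling needs root, a real LUKS device and an existing passphrase.

```shell
#!/usr/bin/env bash
# Added example: enroll a random key file in a spare LUKS keyslot, then verify it.
# Function names, key size and paths are illustrative, not taken from the page.

# Create a key file of random bytes that only its owner can read.
make_keyfile() {
    local keyfile="$1" size="${2:-4096}"
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    (
        umask 077    # never group/world readable, even while being written
        head -c "$size" /dev/urandom > "$keyfile"
    ) || return 1
    chmod 0400 "$keyfile"
}

# Succeed only if the key file has no group/other permission bits set.
keyfile_is_private() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Add the key file to a free keyslot (cryptsetup prompts for an existing
# passphrase), then check that it unlocks the volume without mapping it.
enroll_keyfile() {
    local device="$1" keyfile="$2"
    if ! keyfile_is_private "$keyfile"; then
        echo "$keyfile is readable by other users" >&2
        return 1
    fi
    cryptsetup luksAddKey "$device" "$keyfile" || return 1
    cryptsetup luksOpen --test-passphrase --key-file "$keyfile" "$device"
}

# Usage (as root): ./enroll-keyfile.sh /dev/sdc1 /root/backup.key
if [ "$#" -eq 2 ]; then
    make_keyfile "$2" && enroll_keyfile "$1" "$2"
fi
```

Anyone who can read the key file can unlock the volume, so it belongs on storage that is itself protected, not next to the encrypted drive.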
1

cryptsetup man page suggests the following about the -d parameter: "If you want to set a new key via a key file, you have to use a positional arg to luksFormat or luksAddKey."

Janne Pikkarainen
1

The contents of the volume_key file will be hashed by cryptsetup, so you don't need to do that yourself?

JanC