3

I am getting "No key available with this passphrase." when trying:

sudo cryptsetup open --type luks /dev/sdc storage --key-file=/path/to/keyfile

The /path/to/keyfile file contains just the passphrase in plain text.

If I enter the same passphrase when asked interactively:

sudo cryptsetup open --type luks /dev/sdc storage

then it works.

Why would --key-file not work in this case? This is Ubuntu 14.04 @ Linux 3.13.0-68.

Greendrake

2 Answers

6

My guess is that you have a trailing newline at the end of your keyfile. This will be used as part of the key so you will need to remove it.

You might try

perl -pi -e 'chomp if eof' /path/to/file

to remove it. e.g.

A keyfile with text

fred\n

We can use od to see the contents of the file

od -x keyfile
0000000 7266 6465 000a
0000005

then after the perl script is run on it

od -x keyfile
0000000 7266 6465
0000004
user9517
  • Thank you! I actually tried to remove any possible trailing newlines using `nano` editor and Delete / Backspace keys, but apparently some sort of extra space character was still there. – Greendrake Dec 13 '15 at 00:01
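
An added example, not part of either answer: at the interactive prompt cryptsetup takes the passphrase up to, but not including, the newline, while with --key-file it uses the file's bytes as they are, so a newline that an editor appends on save becomes part of the key. The script below reports how a passphrase keyfile ends and writes a cleaned copy; the function names and the temporary paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; function names and paths are hypothetical.

# Classify the last bytes of a passphrase keyfile.
# Prints one of: clean, newline (LF), crlf, whitespace (space, tab or bare CR).
keyfile_ending() {
    case "$(tail -c 2 -- "$1" | od -An -tx1 | tr -d ' \n')" in
        0d0a)        echo crlf ;;
        *0a)         echo newline ;;
        *20|*09|*0d) echo whitespace ;;
        *)           echo clean ;;
    esac
}

# Write a copy of $1 to $2 with exactly one trailing LF or CRLF removed.
# The copy is created with mode 0600 because it holds the passphrase.
# (head -c is not in POSIX but is available in GNU and BSD userlands.)
strip_line_ending() {
    size=$(wc -c < "$1")
    case "$(keyfile_ending "$1")" in
        crlf)    cut=2 ;;
        newline) cut=1 ;;
        *)       cut=0 ;;
    esac
    ( umask 077 && head -c "$((size - cut))" -- "$1" > "$2" )
}

# Constructed demo: the keyfile from the answer, "fred" plus a newline.
dir=$(mktemp -d)
printf 'fred\n' > "$dir/keyfile"
echo "before: $(keyfile_ending "$dir/keyfile")"         # newline
strip_line_ending "$dir/keyfile" "$dir/keyfile.clean"
echo "after:  $(keyfile_ending "$dir/keyfile.clean")"   # clean
od -c "$dir/keyfile.clean"
rm -rf "$dir"
```

A result of `whitespace` is reported but left in place, since a trailing space or tab may be a deliberate part of the passphrase.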
0

You have misinterpreted the use of --key-file. The key file is a file with data (usually random data) that is used to unlock the medium, not a file where a password is stored in plain text.
Thus, you would create a key-file then add that key-file as a key to unlock the medium. Then, you need to keep that key-file safe, to secure your encrypted medium. One way to generate and add a key-file can be found here: HowToForge instruction

Hestben