1 |
On Monday 2010-05-17 11:14, Stefan G. Weichinger wrote: |
2 |
>Am 16.05.2010 14:36, schrieb Jan Engelhardt: |
3 |
>> [Replying to |
4 |
>> http://thread.gmane.org/gmane.linux.gentoo.user/229533/focus=229542 |
5 |
>> ] |
6 |
>> |
7 |
>> Second, it's using echo without the -n parameter, thus implicitly |
8 |
>> inserting a newline into the key -- which is the cause for yoru |
9 |
>> observed mounting problems. |
10 |
>> |
11 |
>> Third, because you are passing the key via stdin into cryptsetup, it |
12 |
>> only uses the first line of whatever you pipe into it; whereas |
13 |
>> pam_mount uses the entire keyfile as it is supposed to be. |
14 |
>>[...] |
15 |
>Jan, thanks for your suggestions. |
16 |
> |
17 |
>I created a new LUKS-volume and tried to avoid all the mentioned |
18 |
>pitfalls (I used "echo -n", avoided stdin etc.), but this didn't help here. |
19 |
|
20 |
To be sure, use |
21 |
|
22 |
openssl -d ... | hexdump -C |
23 |
|
24 |
to detect newlines in the key. The shell has far too many occasions |
25 |
where \n gets stripped or added. |