1 |
On Tuesday 2010-05-18 15:44, Stefan G. Weichinger wrote: |
2 |
>> |
3 |
>> To be sure, use |
4 |
>> |
5 |
>> openssl -d ... | hexdump -C |
6 |
>> |
7 |
>> to detect newlines in the key. The shell has far too many occasions |
8 |
>> where \n gets stripped or added. |
9 |
> |
10 |
>Thanks for the hint. |
11 |
> |
12 |
>Could you please show me an example how it should look like and what to |
13 |
>look for? |
14 |
|
15 |
In case the key is a suboptimal ascii-only key, it looks like this. |
16 |
|
17 |
offset bytes broken up visual represent. |
18 |
00000000 35 34 28 5e 52 69 4c 22 3c 72 4c 35 35 27 70 32 |54(^RiL"<rL55'p2| |
19 |
00000010 39 59 48 21 3b 50 2e 25 52 6e 27 4f 4d 51 42 6b |9YH!;P.%Rn'OMQBk| |
20 |
00000020 34 43 38 76 4e 49 51 24 3f 5e 42 63 2f 6c 2d 76 |4C8vNIQ$?^Bc/l-v| |
21 |
00000030 34 7d 4d 6a 50 5c 41 3c 3f 70 76 67 22 57 21 6b |4}MjP\A<?pvg"W!k| |
22 |
00000040 77 78 5c 24 23 5e 2e 56 7a 56 24 5a 4f 7e 6a |wx\$#^.VzV$ZO~j| |
23 |
0000004f |
24 |
|
25 |
If there were a newline, one of the bytes would be 0a. |
26 |
|
27 |
>Do you know any howto where it is done "the right way"? |
28 |
|
29 |
The right and easy way is to just use the supplied pmt-ehd(8) tool, |
30 |
which works both interactively and non-interactively, depending on |
31 |
whether it's called with enough arguments or not, so there's something |
32 |
for everybody's flavor. |
33 |
It does not do LUKS yet as of pam_mount 2.2, though. Guess my |
34 |
todo list gets longer.. |