Hi,
Attached is something I found. I see that the cryptsetup --key-file argument uses only the first 32 bytes of the file and anything beyond is unused.
I am on Debian bullseye.
$ cryptsetup --version
cryptsetup 2.3.0
$
The following is my test:
$ cat b
#!/bin/bash
#create a file
dd if=/dev/zero of=./A bs=1 count=1 seek=50M
#create a key
dd if=/dev/urandom of=./key1 bs=1024 count=1
#create a plain dm-mapped crypt device with that key
cryptsetup create dev1 ./A --key-file ./key1
mkfs.ext4 /dev/mapper/dev1
cryptsetup remove dev1
#Now that all is cleaned let's play with key again
dd if=./key1 of=./key2 bs=512 count=1 #We create a key half the size of the original key
cryptsetup create dev1 ./A --key-file ./key2
#check if the filesystem is the same ... if it is then there is a trouble
file -sL /dev/mapper/dev1
$ sudo ./b
1+0 records in
1+0 records out
1 byte copied, 0.000141476 s, 7.1 kB/s
1+0 records in
1+0 records out
1024 bytes (1.0 kB, 1.0 KiB) copied, 0.000126398 s, 8.1 MB/s
mke2fs 1.45.6 (20-Mar-2020)
Creating filesystem with 51200 1k blocks and 12824 inodes
Filesystem UUID: f667264a-5556-47fa-aafa-f236cc9f345a
Superblock backups stored on blocks:
8193, 24577, 40961
Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
1+0 records in
1+0 records out
512 bytes copied, 6.4401e-05 s, 8.0 MB/s
/dev/mapper/dev1: Linux rev 1.0 ext4 filesystem data, UUID=f667264a-5556-47fa-aafa-f236cc9f345a (extents) (64bit) (large files) (huge files)
$
I kept digging down and saw that anything below 32 bytes is not
accepted (by the cryptsetup --key-file option) but anything above 32
bytes is discarded. Does this mean that cryptsetup plain with
--key-file uses only 32 bytes? Am I doing anything wrong? I don't
want to use passphrases and would like to get the keys from a
randomly generated key file. If only 32 bytes are used, it is (in
my opinion) not so secure, is it?
-- Bhasker C V Secure Mails: http://keys.gnupg.net/pks/lookup?op=get&search=0x4D05FEEC54E47413 Registered Linux User: #306349
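
The check below is an added example, not part of the original post: it fingerprints the bytes of a key file that a plain-mode mapping would use, so two key files can be compared without creating a device. It assumes the behaviour reported above (the leading 32 bytes, i.e. 256 bits, are used and shorter files are rejected) and generalises it to a key size given in bits; the function names are hypothetical.

```shell
#!/bin/bash
# Added example. Assumption: plain mode with --key-file takes the first
# KEY_BITS/8 bytes of the file as the key and rejects shorter files
# (the post observed this for 32 bytes = 256 bits).

# Print a SHA-256 fingerprint of the bytes that would be used as the key.
# Returns 1 if the file is shorter than the requested key size.
effective_key_fp() {
    local file=$1 bits=${2:-256}
    local need=$(( bits / 8 )) have
    have=$(wc -c < "$file") || return 2
    if [ "$have" -lt "$need" ]; then
        echo "too short: $file has $have bytes, need $need" >&2
        return 1
    fi
    head -c "$need" "$file" | sha256sum | cut -d' ' -f1
}

# Exit 0 when both key files yield the same effective key, 1 when they
# differ, 2 when either file cannot be used at this key size.
same_effective_key() {
    local a b
    a=$(effective_key_fp "$1" "${3:-256}") || return 2
    b=$(effective_key_fp "$2" "${3:-256}") || return 2
    [ "$a" = "$b" ]
}

# Constructed demo mirroring the post: key2 is the first half of key1.
demo() {
    local d
    d=$(mktemp -d) || return 1
    head -c 1024 /dev/urandom > "$d/key1"
    head -c 512 "$d/key1" > "$d/key2"
    if same_effective_key "$d/key1" "$d/key2" 256; then
        echo "key1 and key2 give the same 256-bit key"
    else
        echo "key1 and key2 give different 256-bit keys"
    fi
    rm -rf "$d"
}

demo
```
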