Am 17.03.2012 13:54, schrieb Tom Gundersen:
There is no reason not to use a keyfile, and allowing literal passphrases in crypttab has caused issues with the parsing in the past. Furthermore, it is not supported by any other crypttab implementation (to the best of my knowledge). The use of keyfiles have been the recomendation in /etc/crypttab for as long as I can remember.
We are looking at refactoring the encryption support, and I think it makes sense to drop support for this when we move to the new implementation.
There's some special considerations when using keyfiles: cryptsetup strips the trailing newline from passphrases, but not from keyfiles. When using your passphrase from a keyfile, you need to make sure you put it in there without a trailing newline. Or (if you use LUKS), you can add any keyfile as a new keyslot.