On Sat, 28 Jul 2012 13:02:38 +0200, Tom Gundersen <teg@jklm.no> wrote:
Could you please include the old and the new syntax you use so I can understand the problem?
The old syntax:

    home /dev/sdaX /dev/usbkey:15675879:1024

The new syntax:

    home /dev/sdaX /dev/usbkey size=1024,keyfile-offset=15675879

The old syntax and the cryptsetup handling of initscripts, most of which I have written, btw., just work. The new syntax and the cryptsetup handling of systemd do not. See the /dev*) part in do_unlock_legacy(), and there particularly the *) part. This is what I need.
The key file is never written anywhere.
Are you sure? How is the key read and passed to cryptsetup? This usually has to be done by entering the password manually or by passing a key file. So if a key is read by dd, it has to be written to a temporary file, which can then be passed to cryptsetup. And for security reasons this temp file should first be overwritten and then deleted directly after the container is opened.

Heiko
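The field mapping quoted in the message and the dd-to-temp-file handling it describes, as an added example that is not code from initscripts, systemd or either poster. The function names are made up here, and the consumer command is assumed to take the key file path as its last argument.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any project.

# Split the legacy key field "DEVICE:OFFSET:SIZE" and print it in the
# option form quoted in the message: "DEVICE size=SIZE,keyfile-offset=OFFSET".
legacy_to_options() {
    dev=${1%%:*}; rest=${1#*:}
    [ "$rest" != "$1" ] || return 1          # no ':' at all
    off=${rest%%:*}; size=${rest#*:}
    [ "$size" != "$rest" ] || return 1       # only one ':'
    case $off in ''|*[!0-9]*) return 1 ;; esac
    case $size in ''|*[!0-9]*) return 1 ;; esac
    printf '%s size=%s,keyfile-offset=%s\n' "$dev" "$size" "$off"
}

# Copy SIZE bytes at OFFSET of SRC into a private temp file, run
# "COMMAND... TEMPFILE", then overwrite and delete the temp file.
with_key_slice() {
    src=$1; off=$2; size=$3; shift 3
    # mktemp creates the file with mode 0600; point TMPDIR at a tmpfs so
    # the key bytes never reach persistent storage.
    tmp=$(mktemp "${TMPDIR:-/tmp}/keyslice.XXXXXX") || return 1
    rc=1
    if dd if="$src" of="$tmp" bs=1 skip="$off" count="$size" 2>/dev/null &&
       [ "$(( $(wc -c < "$tmp") ))" -eq "$size" ]; then   # reject short reads
        rc=0
        "$@" "$tmp" || rc=$?
    fi
    # Overwrite the key bytes in place, then remove the file, whether or
    # not the consumer command succeeded.
    dd if=/dev/zero of="$tmp" bs=1 count="$size" conv=notrunc 2>/dev/null
    rm -f "$tmp"
    return "$rc"
}
```
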