10

I'm writing a script which automatically sets up testing environment virtual machines. This script should automatically format a dmcrypt+LUKS partition for me, with a certain passphrase. Because this is a local testing environment I don't care about the security of the passphrase, I just want the entire VM setup process to be automated and non-interactive.

How can I non-interactively supply a passphrase to 'dmcrypt luksFormat'? I want to use passphrases, not keys, because in production we use passphrases for LUKS as well.

Hongli Lai
  • 2,112
  • 4
  • 22
  • 27

2 Answers2

20

The first thing to do is to call the right command: it's cryptsetup, not dmcrypt.

cryptsetup luksFormat /dev/vda2

The second thing is that you can pass another argument to read the passphrase from a file, or from standard input (using -).

echo -n "This isn't a very secure passphrase." | cryptsetup luksFormat /dev/vda2 -

Note that the -n flag is necessary in echo to prevent a line feed from being appended to the password.

See the cryptsetup man page for other ways to pass the key material in.

Deltik
  • 314
  • 1
  • 4
  • 14
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • 4
    I had some difficulty unlocking my volume after creating it this way. The newline character was tripping me up. `printf "This isn't a very secure passphrase." | cryptsetup luksFormat /dev/vda2 -` worked better for me. YMMV. – Kenny Rasschaert Nov 03 '14 at 20:18
1

How to send passphrase with sudo

echo 'passphraze' | echo 'sudopass' | sudo -S cryptsetup luksOpen /dev/sda5 media -d -
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
Евгений Саранин
  • 11
  • 1