Hi, Attached is something I found. I see that cryptsetup --key-file arguement uses only first 32 bytes of the file and anything beyond is unused.
I am on debian bullseye $ cryptsetup --version cryptsetup 2.3.0 $ Following is my test $ cat b #!/bin/bash #create a file dd if=/dev/zero of=./A bs=1 count=1 seek=50M #create a key dd if=/dev/urandom of=./key1 bs=1024 count=1 #create a plain dm-mapped crypt device with that key cryptsetup create dev1 ./A --key-file ./key1 mkfs.ext4 /dev/mapper/dev1 cryptsetup remove dev1 #Now that all is cleaned lets play with key again dd if=./key1 of=./key2 bs=512 count=1 #We create a key half the size of the original key cryptsetup create dev1 ./A --key-file ./key2 #check if the filesystem is the same ... if it is then there is a trouble file -sL /dev/mapper/dev1 $ sudo ./b 1+0 records in 1+0 records out 1 byte copied, 0.000141476 s, 7.1 kB/s 1+0 records in 1+0 records out 1024 bytes (1.0 kB, 1.0 KiB) copied, 0.000126398 s, 8.1 MB/s mke2fs 1.45.6 (20-Mar-2020) Creating filesystem with 51200 1k blocks and 12824 inodes Filesystem UUID: f667264a-5556-47fa-aafa-f236cc9f345a Superblock backups stored on blocks: 8193, 24577, 40961 Allocating group tables: done Writing inode tables: done Creating journal (4096 blocks): done Writing superblocks and filesystem accounting information: done 1+0 records in 1+0 records out 512 bytes copied, 6.4401e-05 s, 8.0 MB/s /dev/mapper/dev1: Linux rev 1.0 ext4 filesystem data, UUID=f667264a-5556-47fa-aafa-f236cc9f345a (extents) (64bit) (large files) (huge files) $ I kept digging down and saw that anything below 32 bytes is not accepted (by cryptsetup --key-file option) but anything above 32 bytes is discarded. Does this mean that cryptsetup plain with --key-file uses only 32 bytes ? Am I doing anything wrong ? I dont want to use passphrases and would like to get the keys from randomly generated key file. If only 32 bytes are used, it is (in my opinion) not so much secure isnt it ? -- Bhasker C V Secure Mails: http://keys.gnupg.net/pks/lookup?op=get&search=0x4D05FEEC54E47413 Registered Linux User: #306349