format UUID=<uuid>, which uses the symlinks in /dev/disk/by-uuid.
\fB<options>\fR can be [\-\-key-file, \-\-keyfile-offset,
-\-\-keyfile-size, \-\-readonly,
+\-\-keyfile-size, \-\-readonly, \-\-without-activation,
\-\-allow-discards, \-\-header, \-\-key-slot, \-\-master-key-file].
.PP
\fIluksClose\fR <name>
A kernel version of 3.1 or later is needed. For earlier kernels
this option is ignored.
.TP
+.B "\-\-without-activation\fR"
+Do not activate device, just verify passphrase.
+This option is only relevant for \fIluksOpen\fR.
+.TP
.B "\-\-header\fR <device or file storing the LUKS header>"
Use a detached (separated) metadata device or file where the
LUKS header is stored. This options allows to store ciphertext
static int opt_dump_master_key = 0;
static int opt_shared = 0;
static int opt_allow_discards = 0;
+static int opt_without_activation = 0;
static const char **action_argv;
static int action_argc;
static int action_luksOpen(int arg __attribute__((unused)))
{
struct crypt_device *cd = NULL;
- const char *data_device, *header_device;
+ const char *data_device, *header_device, *activated_name;
char *key = NULL;
uint32_t flags = 0;
int r, keysize;
data_device = NULL;
}
+ activated_name = opt_without_activation ? NULL : action_argv[1];
+
if ((r = crypt_init(&cd, header_device)))
goto out;
r = _read_mk(opt_master_key_file, &key, keysize);
if (r < 0)
goto out;
- r = crypt_activate_by_volume_key(cd, action_argv[1],
+ r = crypt_activate_by_volume_key(cd, activated_name,
key, keysize, flags);
} else if (opt_key_file) {
crypt_set_password_retry(cd, 1);
- r = crypt_activate_by_keyfile_offset(cd, action_argv[1],
+ r = crypt_activate_by_keyfile_offset(cd, activated_name,
opt_key_slot, opt_key_file, opt_keyfile_size,
opt_keyfile_offset, flags);
} else
- r = crypt_activate_by_passphrase(cd, action_argv[1],
+ r = crypt_activate_by_passphrase(cd, activated_name,
opt_key_slot, NULL, 0, flags);
out:
crypt_safe_free(key);
{ "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
{ "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device."), NULL },
{ "header", '\0', POPT_ARG_STRING, &opt_header_device, 0, N_("Device or file with separated LUKS header."), NULL },
+ { "without-activation",'\0', POPT_ARG_NONE, &opt_without_activation, 0, N_("Do not activate device, just check passphrase."), NULL },
POPT_TABLEEND
};
poptContext popt_context;
poptGetInvocationName(popt_context));
}
+ if (opt_without_activation &&
+ strcmp(aname, "luksOpen"))
+ usage(popt_context, EXIT_FAILURE,
+ _("Option --without-activation is allowed only for luksOpen.\n"),
+ poptGetInvocationName(popt_context));
+
if (opt_key_size % 8)
usage(popt_context, EXIT_FAILURE,
_("Key size must be a multiple of 8 bits"),