Supplying keys with -p -k - fails #10

Closed
kmoore134 opened this Issue Jul 6, 2012 · 4 comments

@kmoore134

I'm having trouble scripting support to enable pefs on a user's home directory. It works fine when I supply the password via the CLI, but when I use the -p -k - option, the key generated doesn't match properly. In all these examples I've used the word "test" as the passphrase:

Here's how I use the password automated:
% echo "test" | pefs addkey -v -p -k - /usr/home/test
% echo "test" | pefs addchain -v -p -k - -Z /usr/home/test
Key added: f1b52b475ba90b4d

When I do the same thing, manually entering the password "test", the key is different:
% pefs addkey -v /usr/home/test
% pefs addchain -v -Z /usr/home/test
Key added: 4acb04c558f9a077

I tried testing the "addkey -c" after doing the first -p -k - method, and supplying the password "test" fails:

pefs addkey -c /usr/home/test

Enter passphrase:
pefs: key chain not found: 4acb04c558f9a077

But this works fine now:
% echo "test" | pefs addkey -c -p -k - /usr/home/test
Works!

@glk
Owner
glk commented Jul 6, 2012

Passwords entered by user are stretched with PBKDF, key files aren't.

I'll add -j option to match geli.

So it would become:
% echo "test" | pefs addkey -c -p -j - /usr/home/test

Alternatively you could disable PBKDF by setting zero iteration count:

# pefs mount /t /t
# pefs addkey -v -i 0 /t
Enter passphrase:
Key added: b3c2a2b09e9bc834
# umount /t 
# pefs mount /t /t
# echo -n test | pefs addkey -v -p -i 0 -k - /t
Key added: b3c2a2b09e9bc834

@glk
Owner
glk commented Aug 20, 2012

Implemented in 823d268

Behavior should match geli: -j option for passfile, multiple passfile/file options are supported.

@kmoore134

On 07/06/2012 16:52, Gleb Kurtsou wrote:

> Passwords entered by user are stretched with PBKDF, key files aren't.
>
> I'll add -j option to match geli.
>
> So it would become:
> % echo "test" | pefs addkey -c -p -j - /usr/home/test
>
> Alternatively you could disable PBKDF by setting zero iteration count:
>
> # pefs mount /t /t
> # pefs addkey -v -i 0 /t
> Enter passphrase:
> Key added: b3c2a2b09e9bc834
> # umount /t
> # pefs mount /t /t
> # echo -n test | pefs addkey -v -p -i 0 -k - /t
> Key added: b3c2a2b09e9bc834

Sorry it took so long to get back to you on this.

I've done some additional testing, and it still doesn't work :(

First Test:

Using /tmp/test file with contents "test"

pefs addkey -v -j /tmp/test /usr/home/test

Key Added: e0fbc71b7838b3a3

Second Test:

echo "test" | pefs addkey -v -j - /usr/home/test

Key Added: e0fbc71b7838b3a3

Third Test:
(Manually entered the word test)

pefs addkey -v /usr/home/test

Key Added: 4acb04c558f9a077

I need the first and second methods to match the key generated by the
third case (the only one that works with the PAM module).

Kris Moore
PC-BSD Software
iXsystems

@glk
Owner
glk commented Oct 7, 2013

Fixed by c590e92 and 0bad4c6

@glk glk closed this Oct 7, 2013
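
The mismatch discussed in this thread (a typed passphrase is stretched with PBKDF, key-file bytes are not) can be reproduced with a simplified model. This is an added example, not pefs code: the salt, iteration count, PRF choice, `key_id` fingerprint and all function names are assumptions, so the ids it prints will not match real `Key added:` values.

```python
import hashlib
import hmac

# Assumptions for this model only; pefs's real salt, PRF and defaults are not used.
SALT = b"constructed-salt"
DEFAULT_ITERATIONS = 50_000


def derive_key(secret: bytes, iterations: int) -> bytes:
    """Stretch with PBKDF2 when iterations > 0, otherwise apply a single HMAC."""
    if iterations > 0:
        return hashlib.pbkdf2_hmac("sha512", secret, SALT, iterations)
    return hmac.new(SALT, secret, hashlib.sha512).digest()


def key_id(key: bytes) -> str:
    """Hypothetical 8-byte fingerprint standing in for the 'Key added:' value."""
    return hashlib.sha256(key).hexdigest()[:16]


def from_prompt(typed: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Interactive entry: the line ending is dropped, then the passphrase is stretched."""
    return key_id(derive_key(typed.rstrip("\r\n").encode(), iterations))


def from_keyfile(data: bytes) -> str:
    """Key file or stdin: bytes are used exactly as read and never stretched."""
    return key_id(derive_key(data, 0))


def compare(passphrase: str = "test") -> dict:
    """Key ids for the input paths that appear in the thread."""
    raw = passphrase.encode()
    return {
        "prompt, default iterations": from_prompt(passphrase + "\n"),
        "prompt, -i 0": from_prompt(passphrase + "\n", 0),
        'echo "test" | -k -': from_keyfile(raw + b"\n"),
        "echo -n test | -k -": from_keyfile(raw),
    }


if __name__ == "__main__":
    for path, kid in compare().items():
        print(f"{kid}  {path}")
```

In this model only the zero-iteration prompt and the `echo -n` key file agree, which is the pairing shown in the `-i 0` workaround; the newline that plain `echo` appends is treated as part of the key-file bytes.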