Unlock LUKS partition using keyfile without root access?

Is there any way to unlock a LUKS partition using a keyfile while not having root privileges? (using sudo is not an option)

I know that udisksctl can open a LUKS partition, however it can do it only with a passphrase.

Asked By: kaolpr


No. And even solutions that apparently do it without root privileges actually do have root privileges. This is just a basic requirement for mounting or accessing raw disk data. If you could do those without root privileges, you could read files you have no permission to read (by reading and searching the raw data), and if you could mount you could mess up the VFS filesystem tree, possibly in creative ways that let you obtain permissions you’re not supposed to have.

What you could do, if you already had read permission to the raw encrypted data, is implement everything needed to access it and extract files from it in software that runs without root permissions. So basically you’d be treating a LUKS encrypted image file as you would a GPG-encrypted tar. If this is what you wanted, and for some reason absolutely had no root or sudo available, you’d usually use the tar in the first place since that’s what already exists as a ready-to-use solution.

To provide a more practical approach to your problem: keyfiles are passphrases and passphrases are keyfiles, really. Apart from some minor details (e.g. how it treats newlines), LUKS does not really make a distinction here. Keyfile just means it reads the passphrase from a file.

So you could just use keyfiles that are printable ASCII and don’t have newlines in them.

That is, if udisksctl really doesn’t support keyfiles. Kind of hard to understand why.

Answered By: frostschutz
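The keyfile-as-passphrase suggestion in the answer above, as an added example that is not part of the original answer: one function writes a random keyfile made only of printable ASCII with no newline, and one checks whether an existing keyfile could also be entered at a passphrase prompt. The function names are hypothetical, and the script assumes `/dev/urandom` plus the coreutils `head`, `base64`, `tr` and `wc`.

```shell
#!/bin/sh
# Added example (not from the original answer): keyfiles that double as
# typeable passphrases. Function names are hypothetical.

# gen_printable_keyfile PATH [NBYTES]
# Reads NBYTES (default 48) random bytes and stores them base64-encoded,
# so the file holds only printable ASCII. The newlines base64 emits are
# stripped, because a keyfile is read whole and a newline in it would be
# part of the key, while a passphrase prompt ends at the newline.
gen_printable_keyfile() {
    kf_path=$1
    kf_bytes=${2:-48}
    (
        umask 077   # a newly created file is readable by its owner only
        head -c "$kf_bytes" /dev/urandom | base64 | tr -d '\n' > "$kf_path"
    )
    chmod 600 "$kf_path"   # also tighten a file that already existed
}

# is_passphrase_compatible PATH
# Succeeds only if the file is non-empty and every byte is printable
# ASCII (0x20 to 0x7e): no newline, no control bytes, no 8-bit bytes.
is_passphrase_compatible() {
    [ -s "$1" ] || return 1
    # Delete every printable ASCII byte and count what is left over.
    kf_bad=$(LC_ALL=C tr -d ' -~' < "$1" | wc -c)
    [ "$kf_bad" -eq 0 ]
}
```

A keyfile that passes the check can be enrolled as a normal LUKS key by whoever administers the volume and later entered at the passphrase prompt.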