Learn how to non-interactively manage LUKS passphrases on a specific device using files or a named pipe.
Add an additional passphrase non-interactively using files
Store any current passphrase in a file without new-line character.
$ printf "anycurrentpassword" | tee current_passphrase
Store additional passphrase in a file without new-line character.
$ printf "badpassword" | tee additional_passphrase
Change passphrase file permissions.
$ chmod 400 current_passphrase
$ chmod 400 additional_passphrase
Add a passphrase to the specified key-slot using current and additional passphrase files.
$ sudo cryptsetup luksAddKey --key-file ./current_passphrase --key-slot 7 /dev/sdb1 ./additional_passphrase
Remove both passphrase files.
$ unlink current_passphrase
$ unlink additional_passphrase
Add an additional passphrase non-interactively using named pipe
Create named pipe.
$ mkfifo -m 600 ./cryptsetup_pipe
Add a passphrase to the specified key-slot using named pipe.
$ sudo cryptsetup luksAddKey --key-slot 7 --key-file ./cryptsetup_pipe /dev/sdb1 ./cryptsetup_pipe &
Provide any current passphrase.
$ printf "anycurrentpassword" > cryptsetup_pipe
Provide additional passphrase.
$ printf "badpassword" > cryptsetup_pipe
Remove named pipe.
$ unlink cryptsetup_pipe
Use these methods to perform other operations as described earlier – How to interactively manage LUKS passphrases.
You can change or remove passphrases non-interactively using intermediate files or a named pipe. Batch-mode is implicitly used when you provide passphrase as described here.