How to mount volume created in SiriKali from command line?

[ikatza]

So as the title says, however I'm interested when the option of Key+KeyFile are used to create the volume. Does cryfs, securefs, gocryptfs, encfs or ecrypts support Key+KeyFile?

If a volume was created with SiriKali and Key+KeyFile can it be mounted with something else?

[mhogomchungu]

No,these backends are not aware of the implementation of "key+keyfile" option as SiriKali generates a passphrase that is a combination of a key and a keyfile and passes on the result as a passphrase to these backends.

The passphrase is generated with the below formular:
passphrase = hmac_sha256(key,keyfile contents)

You can use a CLI tool "hmac256"[1](DO NOT set the binary option) among others to generate the passphrase independently of SiriKali. This CLI tool should already be installed in your computer(it is in mine).

You can also use openssl to generate the passphrase with something like below:

 cat path/to/KeyFile | openssl dgst -sha256 -hmac "Key"

[1] http://manpages.ubuntu.com/manpages/xenial/en/man1/hmac256.1.html

[mhogomchungu]

Implementations of key options are explained here: https://github.com/mhogomchungu/SiriKali/wiki/Frequently-Asked-Questions#40-what-does-different-key-options-means-in-the-dialog-for-creatingunlocking-volume

[ikatza]

Thanks! Already got it working.

[mhogomchungu]

Version 1.2.5 of SiriKali(already released) has an option to display a password in the password dialog prompt and you can use this feature to see the generated key that will be passed to the backend.

From CLI currently on this git version,you can get the password also by using "-s" option that enables the feature together with "-f" that takes a path to a keyfile. The password will be asked by a terminal prompt. Example of the above is below:

[mtz@ink ~]$ sirikali -s -f /home/mtz/key 
Password: 
408d71e534422ff5af7894216c6762adc4fe11dfda20a7b9bfb61946355d05c6
[mtz@ink ~]$