Batch mode (-q) in luksKillSlot bypasses passphrase/keyfile
It's not clear from the manual that batch-mode (-q) bypasses any passphrase checking when running the luksKillSlot command.
e.g.
Command: cryptsetup luksKillSlot -q /dev/sdb 4
Result: key slot 4 is destroyed without any password prompt.
Expectation: that cryptsetup would prompt for a passphrase.
Or, how I discovered this behaviour:
Command: cryptsetup luksKillSlot -q /dev/sdb 4 --key-file <a file that is not a correct key>
Result: key slot 4 is destroyed!
Expectation: that the command would fail because the key file supplied was not valid.
I had thought that batch-mode (-q) with luksKillSlot would just avoid the 'last key slot - are you sure?' confirmation message, not bypass the key checking. If this is desired behaviour, I think the manual should be clarified.
Furthermore, the manual states:
"If you read the passphrase from stdin (without further argument or with '-' as argument to --key-file), batch-mode (-q) will be implicitly switched on."
This would seem to imply the following:
Command: echo -n "<an invalid passphrase>" | cryptsetup luksKillSlot /dev/sdb 4 --key-file=-
(Now) expected result: key slot 4 is destroyed, as even though the passphrase is incorrect, batch-mode (-q) is implicitly activated, so this should work as if the -q argument was given.
Actual result: the command fails with error code 1 (no key available with this passphrase).
Tested with: cryptsetup 1.6.4 on Debian 7.9 (wheezy)
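
A guard for scripts that need batch mode, as an added example (not part of the original report and not cryptsetup project code): it checks the key file with `luksOpen --test-passphrase` against every slot except the one being removed, and only then calls `luksKillSlot -q`. The function names and the `LUKS_SLOTS` variable are hypothetical; the default of 8 assumes a LUKS1 header (slots 0-7).

```shell
#!/bin/sh
# Added example: wrapper that verifies a key file before batch-mode luksKillSlot.
# LUKS_SLOTS is an assumption: LUKS1 headers carry 8 key slots, numbered 0-7.
LUKS_SLOTS=${LUKS_SLOTS:-8}

# key_opens_other_slot DEVICE SLOT KEYFILE
# Succeeds only if KEYFILE unlocks some key slot other than SLOT, so the
# volume stays openable with that key after SLOT is wiped.
key_opens_other_slot() {
    dev=$1 target=$2 keyfile=$3
    n=0
    while [ "$n" -lt "$LUKS_SLOTS" ]; do
        # --test-passphrase verifies the key without creating a mapping.
        if [ "$n" -ne "$target" ] &&
           cryptsetup luksOpen --test-passphrase --key-slot "$n" \
                      --key-file "$keyfile" "$dev" 2>/dev/null; then
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# safe_kill_slot DEVICE SLOT KEYFILE
# Returns 2 on bad arguments, 1 if the key check fails, otherwise the
# exit status of luksKillSlot.
safe_kill_slot() {
    dev=$1 target=$2 keyfile=$3
    case $target in
        ''|*[!0-9]*) echo "slot must be a number" >&2; return 2 ;;
    esac
    [ -r "$keyfile" ] || { echo "cannot read key file" >&2; return 2; }
    if ! key_opens_other_slot "$dev" "$target" "$keyfile"; then
        echo "refusing: key file does not unlock a remaining slot on $dev" >&2
        return 1
    fi
    # Batch mode performs no key check of its own here, per the report above.
    cryptsetup luksKillSlot -q "$dev" "$target"
}
```

Call it as `safe_kill_slot /dev/sdb 4 /path/to/keyfile`; a key file that only unlocks slot 4 itself is rejected as well, since it would be useless once that slot is gone.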