Mick Reed | 3 Aug 06:07

Piping in keys

Thanks to all who corrected me on my test post.  I made a few mistakes 
there - 'nuff said.

On Saturday 02 August 2008, Jonas wrote:
> PS: I doubt that it's possible to pipe both the current and a new key to
> cryptsetup luksAddKey at the same time. But why not use a temporary
> passphrase to add the key, and remove the keySlot with the passphrase
> afterwards. That requires passphrase input at least, but it avoids using
> temporary files. On the other hand it should be safe to use tempfiles if
> you wipe/shred them afterwards.

That is a good point.  Any intermediate/temporary passphrase doesn't need to 
be written to disk.  It can be left in a variable and later destroyed.  That 
isn't the problem I have though:

I want to have an extremely secure partition/container.  I want the only keys 
to be random binary and stored on USB keys, encrypted too.  When I _create_ 
the container, let's say that I use my personal USB key, which I carry always.  
Now, I want to add another similar key.

I will need to get my USB key into luksAdd, and then perhaps type in an 
intermediate/temporary key as you suggest.  Well, I've tried it, as I said 
before, but I cannot get it to work.  I could use a suggestion here on how it 
can be done.

If it is possible, then I can work out the rest myself.  Otherwise, I will 
have to start reading the source.  I see no need to format the container 
using a text key or keyfile.  That seems less secure to me.  Isn't a USB 
key/encrypted 2-factor security?  Thanks again for any help!

Cheers,
Mick
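The keyfile-only workflow asked about above, as an added example that is not from the thread or from the cryptsetup project: generate a random binary key with restrictive permissions, then add it to the container while authenticating with the existing keyfile via cryptsetup's `--key-file` option (the new key is the positional argument after the device), so neither a typed passphrase nor a temporary file holding a passphrase is needed. The device and USB mount paths are assumed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed paths:
#   /dev/sdX1          the LUKS container
#   /media/usb1/key.bin existing (random binary) key on the first USB stick
#   /media/usb2/key.bin new key to be written on the second USB stick
# cryptsetup's -d/--key-file supplies the existing key (use --key-file=- to
# read it from stdin); the new key is the file argument after the device.
set -eu

KEY_BYTES=4096

# make_keyfile PATH: write KEY_BYTES random bytes to PATH with mode 0600.
# Refuses to overwrite, so an existing key is never clobbered by accident.
make_keyfile() {
    path=$1
    if [ -e "$path" ]; then
        echo "refusing to overwrite existing keyfile $path" >&2
        return 1
    fi
    # umask in a subshell so the file is created 0600 from the start
    ( umask 077 && head -c "$KEY_BYTES" /dev/urandom > "$path" )
    # Sanity check: a short read from /dev/urandom would weaken the key
    [ "$(wc -c < "$path")" -eq "$KEY_BYTES" ]
}

# add_key_cmd DEVICE EXISTING_KEY NEW_KEY: print the cryptsetup invocation
# that enrols NEW_KEY in a free key slot, authenticating with EXISTING_KEY.
add_key_cmd() {
    printf 'cryptsetup luksAddKey --key-file %s %s %s\n' "$2" "$1" "$3"
}

# add_key DEVICE EXISTING_KEY NEW_KEY: actually run it (needs root and a
# real LUKS device, so it is not exercised below).
add_key() {
    cryptsetup luksAddKey --key-file "$2" "$1" "$3"
}

# Intended use, once the second stick is mounted:
#   make_keyfile /media/usb2/key.bin
#   add_key /dev/sdX1 /media/usb1/key.bin /media/usb2/key.bin
#   cryptsetup luksDump /dev/sdX1   # confirm a second slot is now enabled
```

Removing a lost stick's key later is `cryptsetup luksRemoveKey /dev/sdX1 /media/usb2/key.bin` (or `luksKillSlot` with the remaining key), which is the same slot-removal step Jonas describes for a temporary passphrase.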
