diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 104ee948..319f963a 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -958,9 +958,22 @@ static int action_luksAddKey(void)
 		r = _read_mk(opt_master_key_file, &key, keysize);
 		if (r < 0)
 			goto out;
-		//FIXME: process keyfile arg
-		r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
-						    key, keysize, NULL, 0);
+
+		r = crypt_volume_key_verify(cd, key, keysize);
+		check_signal(&r);
+		if (r < 0)
+			goto out;
+
+		r = tools_get_key(_("Enter new passphrase for key slot: "),
+				  &password_new, &password_new_size,
+				  opt_new_keyfile_offset, opt_new_keyfile_size,
+				  opt_new_key_file, opt_timeout,
+				  _verify_passphrase(1), 1, cd);
+		if (r < 0)
+			goto out;
+
+		r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize,
+						    password_new, password_new_size);
 	} else if (opt_key_file || opt_new_key_file) {
 		r = crypt_keyslot_add_by_keyfile_offset(cd, opt_key_slot,
 			opt_key_file, opt_keyfile_size, opt_keyfile_offset,
diff --git a/tests/compat-test b/tests/compat-test
index 33a31dee..5247fd33 100755
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -314,6 +314,9 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
 echo $PWD2 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
 echo $PWD3 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
+$CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
+
 # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
 $CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 --key-slot 3 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail