1 |
Am 05.05.2010 10:00, schrieb Daniel Troeder: |
2 |
|
3 |
> That is a message from cryptsetup. As you are using openssl to get |
4 |
> the key, I think the problem might be there. |
5 |
|
6 |
ok .... |
7 |
|
8 |
> lvcreate -n crypttest -L 100M vg0 KEY=`tr -cd [:graph:] < |
9 |
> /dev/urandom | head -c 79` echo $KEY | openssl aes-256-ecb > |
10 |
> verysekrit.key openssl aes-256-ecb -d -in verysekrit.key # (aha :) |
11 |
> openssl aes-256-ecb -d -in verysekrit.key | cryptsetup -v --cipher |
12 |
> aes-cbc-plain --key-size 256 luksFormat /dev/vg0/crypttest openssl |
13 |
> aes-256-ecb -d -in verysekrit.key | cryptsetup luksOpen |
14 |
> /dev/vg0/crypttest decryptedtest cryptsetup luksClose crypttest # (i |
15 |
> couldn't close it... don't know why...) |
16 |
> |
17 |
> The key that cryptsetup is given to decrypt the partition is created |
18 |
> by openssl from the file. Please check the output of $ openssl |
19 |
> aes-256-ecb -d -in verysekrit.key under both kernel - it should be |
20 |
> identical. |
21 |
|
22 |
At first, thank you for your time and work! |
23 |
|
24 |
Tried that. I have to admit that I don't know the decryption password |
25 |
... but as far as I understand it should be the same as the |
26 |
unix-password of the user sgw. pam_mount.so should read it when I log |
27 |
in, correct? |
28 |
|
29 |
With this password I get a "bad decrypt" so this explains why it fails. |
30 |
|
31 |
Please let me repeat/point out that it is the same for 3 kernels |
32 |
(2.6.32-r1, 2.6.33-r[12] ... ), so I should change the subject to stay |
33 |
correct ... |
34 |
|
35 |
> BTW: You'll get your error message if you run: $ echo |
36 |
> notmykey | cryptsetup luksOpen /dev/vg0/crypttest decryptedtes |
37 |
|
38 |
Yes, correct. |
39 |
|
40 |
- |
41 |
|
42 |
I really wonder what the reason is ... should I downgrade openssl? |
43 |
|
44 |
Thanks Stefan |