| 1 |
Am 05.05.2010 10:00, schrieb Daniel Troeder: |
| 2 |
|
| 3 |
> That is a message from cryptsetup. As you are using openssl to get |
| 4 |
> the key, I think the problem might be there. |
| 5 |
|
| 6 |
ok .... |
| 7 |
|
| 8 |
> lvcreate -n crypttest -L 100M vg0 KEY=`tr -cd [:graph:] < |
| 9 |
> /dev/urandom | head -c 79` echo $KEY | openssl aes-256-ecb > |
| 10 |
> verysekrit.key openssl aes-256-ecb -d -in verysekrit.key # (aha :) |
| 11 |
> openssl aes-256-ecb -d -in verysekrit.key | cryptsetup -v --cipher |
| 12 |
> aes-cbc-plain --key-size 256 luksFormat /dev/vg0/crypttest openssl |
| 13 |
> aes-256-ecb -d -in verysekrit.key | cryptsetup luksOpen |
| 14 |
> /dev/vg0/crypttest decryptedtest cryptsetup luksClose crypttest # (i |
| 15 |
> couldn't close it... don't know why...) |
| 16 |
> |
| 17 |
> The key that cryptsetup is given to decrypt the partition is created |
| 18 |
> by openssl from the file. Please check the output of $ openssl |
| 19 |
> aes-256-ecb -d -in verysekrit.key under both kernel - it should be |
| 20 |
> identical. |
| 21 |
|
| 22 |
At first, thank you for your time and work! |
| 23 |
|
| 24 |
Tried that. I have to admit that I don't know the decryption password |
| 25 |
... but as far as I understand it should be the same as the |
| 26 |
unix-password of the user sgw. pam_mount.so should read it when I log |
| 27 |
in, correct? |
| 28 |
|
| 29 |
With this password I get a "bad decrypt" so this explains why it fails. |
| 30 |
|
| 31 |
Please let me repeat/point out that it is the same for 3 kernels |
| 32 |
(2.6.32-r1, 2.6.33-r[12] ... ), so I should change the subject to stay |
| 33 |
correct ... |
| 34 |
|
| 35 |
> BTW: You'll get your error message if you run: $ echo |
| 36 |
> notmykey | cryptsetup luksOpen /dev/vg0/crypttest decryptedtes |
| 37 |
|
| 38 |
Yes, correct. |
| 39 |
|
| 40 |
- |
| 41 |
|
| 42 |
I really wonder what the reason is ... should I downgrade openssl? |
| 43 |
|
| 44 |
Thanks Stefan |
Archives