On 18.05.2010 22:06, Jan Engelhardt wrote:
>
> On Tuesday 2010-05-18 21:33, Stefan G. Weichinger wrote:
>> On 18.05.2010 20:57, Stefan G. Weichinger wrote:
>>
>>> On the other hand I would like to get that done right, sure.
>>>
>>> Any howto without pmt-ehd that would keep me safe from newlines
>>> etc (btw. there were NO newlines in that hexdump-output)?
>>
>> Created a new encrypted LV and used "--key-file=-" as mentioned
>> in:
>>
>> http://pam-mount.git.sourceforge.net/git/gitweb.cgi?p=pam-mount/pam-mount;a=blob;hb=master;f=doc/bugs.txt
>>
>> Still no success with 2.x ...
>
> Debugging preexisting containers is hard (because people usually
> don't share that.)
>
> Since you are starting with a blank one, I would love to see your
> failing testcase -- i.e. sequence of shell commands to trigger the
> unanticipated behavior, such as the existing testcases in
> src/t-crypt:
>
> echo that | openssl whatever cryptsetup luksFoo,Format,Open that.
> mkfs cryptsetup luksClose mount.crypt -o [...]
>
> It does not need to follow t-crypt's style, just the sequence alone
> is good.

I saved my history, unfortunately only the last steps were kept, but I
am able to reconstruct:

The block-device is /dev/VG01/sgwcrypt ...

#I tried a more complicated KEY
KEY=`head -c 79 /dev/urandom`

# avoid newline here
echo -n $KEY | openssl aes-256-cbc > /etc/security/super.key

# format it, using "--keyfile=-" as mentioned in bugs ...
openssl aes-256-cbc -d -in /etc/security/super.key | cryptsetup -v --key-file=- --cipher aes-cbc-plain --key-size 256 luksFormat /dev/VG01/sgwcrypt

# open it
openssl aes-256-cbc -d -in /etc/security/super.key | cryptsetup -v --key-file=- luksOpen /dev/VG01/sgwcrypt newhome

# create fs on the open luks-volume
mkfs.ext3 /dev/mapper/newhome

# mount the new fs
mount /dev/mapper/newhome /mnt/gschwind

All this worked OK so far, but not with pam_mount.

OK?

Stefan
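
Added example, not part of the message above or of the pam_mount sources: a check that can accompany a key-file test sequence like this one, showing whether key bytes survive the `KEY=...; echo -n $KEY` step unchanged compared with a direct pipe. The 11-byte key is constructed sample data; the function names and temp-file layout are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: do key bytes survive a trip through a shell variable?
# The "key" below is constructed sample data, not real key material.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed 11-byte key: two spaces, a NUL byte, two trailing newlines.
make_sample_key() {
    printf 'ab  cd\000ef\n\n' > "$workdir/key.orig"
}

# Path 1: the KEY=`...`; echo -n $KEY pattern.
# Command substitution drops NUL bytes and trailing newlines; the unquoted
# expansion then collapses whitespace runs through word splitting.
via_variable() {
    { KEY=$(cat "$workdir/key.orig"); } 2>/dev/null
    echo -n $KEY > "$workdir/key.var"
}

# Path 2: bytes go through a pipe only, never through a variable
# (stands in for: head -c 79 /dev/urandom | openssl aes-256-cbc > keyfile).
via_pipe() {
    cat "$workdir/key.orig" | cat > "$workdir/key.pipe"
}

# Byte count of one of the files written above (orig, var or pipe).
key_bytes() {
    wc -c < "$workdir/key.$1" | tr -d ' '
}

# Prints "same" or "differs" for a file compared against the original.
key_matches() {
    if cmp -s "$workdir/key.orig" "$workdir/key.$1"; then
        echo same
    else
        echo differs
    fi
}

make_sample_key
via_variable
via_pipe
for k in orig var pipe; do
    printf '%-5s %2s bytes  %-8s' "$k" "$(key_bytes "$k")" "$(key_matches "$k")"
    od -An -c "$workdir/key.$k"
done
```

Running the same `wc -c` and `cmp` comparison on the output of `openssl aes-256-cbc -d -in <keyfile>` shows exactly which bytes reach `cryptsetup --key-file=-`.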