Gentoo Archives: gentoo-user

From: Daniel Troeder <daniel@×××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: Kernel upgrade and now LUKS failure.
Date: Wed, 05 May 2010 08:01:54
Message-Id: 4BE125AB.1030105@admin-box.com
In Reply to: Re: [gentoo-user] Re: Kernel upgrade and now LUKS failure. by "Stefan G. Weichinger"
On 05/05/2010 06:42 AM, Stefan G. Weichinger wrote:
> On 04.05.2010 23:24, Daniel Troeder wrote:
>
>> I'm using sys-fs/cryptsetup-1.1.1_rc1 since 02.05.2010 and didn't have
>> any issues.
>> Please decrypt your partition from the command line, so we can see if it
>> is a cryptsetup/luks/kernel problem or a pam_mount problem.
>>
>> Cmdline should be something like:
>> $ sudo cryptsetup -d /etc/security/verysekrit.key luksOpen /dev/mapper/VG01-crypthome myhome
>> Which should create /dev/mapper/myhome.
>
> My user sgw is currently not allowed to sudo this (should it be? it
> never was).
>
> And for root it says "Kein Schlüssel mit diesem Passsatz verfügbar."
> (German) which should be "No key available with this passphrase." in
> English.
That is a message from cryptsetup. As you are using openssl to get the
key, I think the problem might be there.

I followed the guide you linked here (website is down, but google-cache
works:
http://webcache.googleusercontent.com/search?q=cache:7eaSac72CoIJ:home.coming.dk/index.php/2009/05/20/encrypted_home_partition_using_luks_pam_+encrypted_home_partition_using_luks_pam&cd=2&hl=de&ct=clnk&gl=de&client=firefox-a)
and it works for me (kernel is 2.6.33-zen2):

lvcreate -n crypttest -L 100M vg0
KEY=`tr -cd [:graph:] < /dev/urandom | head -c 79`
echo $KEY | openssl aes-256-ecb > verysekrit.key
openssl aes-256-ecb -d -in verysekrit.key
# (aha :)
openssl aes-256-ecb -d -in verysekrit.key | cryptsetup -v --cipher aes-cbc-plain --key-size 256 luksFormat /dev/vg0/crypttest
openssl aes-256-ecb -d -in verysekrit.key | cryptsetup luksOpen /dev/vg0/crypttest decryptedtest
cryptsetup luksClose crypttest
# (I couldn't close it... don't know why...)

The key that cryptsetup is given to decrypt the partition is created by
openssl from the file. Please check the output of
$ openssl aes-256-ecb -d -in verysekrit.key
under both kernels - it should be identical.
BTW: You'll get your error message if you run:
$ echo notmykey | cryptsetup luksOpen /dev/vg0/crypttest decryptedtes

Bye,
Daniel

--
PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get
# gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887
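
An added example, not part of the message above or of the linked guide: one way to do the "identical under both kernels" comparison without printing the decrypted key to the terminal, by comparing SHA-256 fingerprints instead. The script name keyfp.sh, the fingerprint path /root/key.fp and the function names are hypothetical; it assumes the key is piped to cryptsetup without --key-file, so only the first line counts.

```shell
#!/bin/sh
# Added example, not from the original thread. keyfp.sh and the
# fingerprint file path are hypothetical names.

# Fingerprint the passphrase as cryptsetup takes it from a pipe when no
# --key-file is given: first line only, trailing newline stripped.
key_fingerprint() {
    head -n 1 | tr -d '\n' | sha256sum | cut -d ' ' -f 1
}

# record_fingerprint FILE: hash stdin and store the result, owner-only.
record_fingerprint() {
    ( umask 077; key_fingerprint > "$1" )
}

# check_fingerprint FILE: succeed only if stdin hashes to the stored value.
check_fingerprint() {
    [ "$(key_fingerprint)" = "$(cat "$1")" ]
}

# Usage (assumed invocation):
#   working kernel: openssl aes-256-ecb -d -in verysekrit.key | sh keyfp.sh record /root/key.fp
#   other kernel:   openssl aes-256-ecb -d -in verysekrit.key | sh keyfp.sh check /root/key.fp
case "${1:-}" in
    record) record_fingerprint "$2" ;;
    check)
        if check_fingerprint "$2"; then
            echo "decrypted key is identical"
        else
            echo "decrypted key differs: the openssl step is the suspect" >&2
            exit 1
        fi ;;
esac
```

Storing the fingerprint is reasonable here only because the key is 79 random characters; a hash of a human-chosen passphrase could be guessed offline, so delete the file once the comparison is done.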

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-user] Re: Kernel upgrade and now LUKS failure. "Stefan G. Weichinger" <lists@×××××.at>