On 05/05/2010 06:42 AM, Stefan G. Weichinger wrote:
> On 04.05.2010 23:24, Daniel Troeder wrote:
>
>> I'm using sys-fs/cryptsetup-1.1.1_rc1 since 02.05.2010 and didn't have
>> any issues.
>> Please decrypt your partition from the command line, so we can see if it
>> is a cryptsetup/luks/kernel problem or a pam_mount problem.
>>
>> Cmdline should be something like:
>> $ sudo cryptsetup -d /etc/security/verysekrit.key luksOpen /dev/mapper/VG01-crypthome myhome
>> Which should create /dev/mapper/myhome.
>
> My user sgw is currently not allowed to sudo this (should it be? it
> never was).
>
> And for root it says "Kein Schlüssel mit diesem Passsatz verfügbar."
> (German) which should be "No key available with this passphrase." in
> English.
That is a message from cryptsetup. As you are using openssl to get the
key, I think the problem might be there.

I followed the guide you linked here (website is down, but google-cache
works:
http://webcache.googleusercontent.com/search?q=cache:7eaSac72CoIJ:home.coming.dk/index.php/2009/05/20/encrypted_home_partition_using_luks_pam_+encrypted_home_partition_using_luks_pam&cd=2&hl=de&ct=clnk&gl=de&client=firefox-a)
and it works for me (kernel is 2.6.33-zen2):

lvcreate -n crypttest -L 100M vg0
KEY=`tr -cd '[:graph:]' < /dev/urandom | head -c 79`
echo "$KEY" | openssl aes-256-ecb > verysekrit.key
openssl aes-256-ecb -d -in verysekrit.key
# (aha :)
openssl aes-256-ecb -d -in verysekrit.key | cryptsetup -v --cipher aes-cbc-plain --key-size 256 luksFormat /dev/vg0/crypttest
openssl aes-256-ecb -d -in verysekrit.key | cryptsetup luksOpen /dev/vg0/crypttest decryptedtest
cryptsetup luksClose crypttest
# (I couldn't close it... don't know why...)

The key that cryptsetup is given to decrypt the partition is created by
openssl from the file. Please check the output of
$ openssl aes-256-ecb -d -in verysekrit.key
under both kernels - it should be identical.
BTW: You'll get your error message if you run:
$ echo notmykey | cryptsetup luksOpen /dev/vg0/crypttest decryptedtes

Bye,
Daniel

--
PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get
# gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887
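
Added example (not part of Daniel's message and not code from cryptsetup or openssl): a shell function for the comparison suggested above, which reports a fingerprint and the shape of the decrypted key instead of printing the key itself. The name key_report is hypothetical, and the expected shape (79 [:graph:] characters plus the newline from echo) is an assumption taken from the key generation shown in the message.

```sh
#!/bin/sh
# Added example; key_report is a hypothetical helper name.
# Reads key bytes on stdin and prints
#   sha256=<hex> bytes=<n> shape=<ok|bad>
# so the key itself never reaches the terminal or the disk.
# Assumed shape, from the key generation in the message:
# 79 [:graph:] characters followed by the newline that echo appends.
# The hash covers a decimal dump of the bytes, so compare it only with
# other key_report output, not with a plain sha256sum of the key.
key_report() {
    # One decimal number per input byte; -v keeps repeated lines.
    dump=$(od -An -v -tu1 | tr '\n' ' ')
    set -- $dump          # word splitting: one parameter per byte
    bytes=$#
    graph=0
    last=
    for b in "$@"; do
        # 33..126 is the ASCII [:graph:] range.
        if [ "$b" -ge 33 ] && [ "$b" -le 126 ]; then
            graph=$((graph + 1))
        fi
        last=$b
    done
    sum=$(printf '%s' "$*" | sha256sum | cut -d' ' -f1)
    shape=bad
    if [ "$bytes" -eq 80 ] && [ "$graph" -eq 79 ] && [ "$last" = 10 ]; then
        shape=ok
    fi
    echo "sha256=$sum bytes=$bytes shape=$shape"
    # Exit status mirrors the shape check so scripts can branch on it.
    [ "$shape" = ok ]
}

# Usage, once under each kernel (openssl prompts for the passphrase):
#   openssl aes-256-ecb -d -in verysekrit.key | key_report
```

If the two reports differ, the difference is already in what openssl hands to cryptsetup; if they match, the key material is the same under both kernels.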