* [dm-crypt] cryptsetup not accepting plain passwd with -d option
@ 2012-01-31 14:49 Nikhil AR
2012-01-31 15:34 ` Milan Broz
0 siblings, 1 reply; 3+ messages in thread
From: Nikhil AR @ 2012-01-31 14:49 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 1144 bytes --]
Hi,
I have created an encrypted ISO image of a directory named data using the
below command.
# mkisofa -r data | aespipe -p3 -e aes256 3<./passphrase > data.iso
In order to mount encrypted disk using dm-crypt, I followed below steps:
1) creating the loop device
# losetup /dev/loop0 data.iso
2) creating device mapper device for this loop device
# cryptsetup -c aes -s 256 -h sha512 -d./passphrase create aesdev /dev/loop0
3) mount dm device on an empty folder to access iso contents
# mount /dev/mapper/aesdev /mnt
The mount command gives me the below error:
# mount: you must specify the filesystem type
After lot of trial and error iterations, I figured out that cryptsetup is
the culprit. Because issue surfaces only when -d option of cryptsetup is
used. If I'm giving the password manually when cryptsetup prompts,
everything works fine. Also a wrongly entered passphrase is not also
reported until the mount step is attempted.
[root@dhcp210-115 ~]# cat passphrase
thisisanaes256passphrasetotestae
Is there a way to provide cryptsetup its password in a file when it is used
in this manner?
Thanks in advance.
Cheers,
-- Nikhil
[-- Attachment #2: Type: text/html, Size: 1574 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] cryptsetup not accepting plain passwd with -d option
2012-01-31 14:49 [dm-crypt] cryptsetup not accepting plain passwd with -d option Nikhil AR
@ 2012-01-31 15:34 ` Milan Broz
2012-01-31 17:06 ` Nikhil AR
0 siblings, 1 reply; 3+ messages in thread
From: Milan Broz @ 2012-01-31 15:34 UTC (permalink / raw)
To: Nikhil AR; +Cc: dm-crypt
On 01/31/2012 03:49 PM, Nikhil AR wrote:
> Hi,
>
> I have created an encrypted ISO image of a directory named data using the below command.
>
> # mkisofa -r data | aespipe -p3 -e aes256 3<./passphrase > data.iso
...
> Is there a way to provide cryptsetup its password in a file when it is used in this manner?
The problem is with password hashing.
You need recent cryptsetup with loop-aes compatible support
(in your case you do not need new kernel, it is not multi-key device)
Just run
cryptsetup loopaesOpen data.iso aesdev --key-file passphrase
(no losetup needed, it should find loop automatically)
Milan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] cryptsetup not accepting plain passwd with -d option
2012-01-31 15:34 ` Milan Broz
@ 2012-01-31 17:06 ` Nikhil AR
0 siblings, 0 replies; 3+ messages in thread
From: Nikhil AR @ 2012-01-31 17:06 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 843 bytes --]
Hi Milan,
I have tested the same on a f16 machine. It worked perfectly !!!
Thanks a lot.
Cheers,
-- Nikhil
On Tue, Jan 31, 2012 at 9:04 PM, Milan Broz <mbroz@redhat.com> wrote:
> On 01/31/2012 03:49 PM, Nikhil AR wrote:
>
>> Hi,
>>
>> I have created an encrypted ISO image of a directory named data using the
>> below command.
>>
>> # mkisofa -r data | aespipe -p3 -e aes256 3<./passphrase > data.iso
>>
> ...
>
> Is there a way to provide cryptsetup its password in a file when it is
>> used in this manner?
>>
>
> The problem is with password hashing.
>
> You need recent cryptsetup with loop-aes compatible support
> (in your case you do not need new kernel, it is not multi-key device)
>
> Just run
> cryptsetup loopaesOpen data.iso aesdev --key-file passphrase
>
> (no losetup needed, it should find loop automatically)
>
> Milan
>
[-- Attachment #2: Type: text/html, Size: 1481 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-01-31 17:06 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-01-31 14:49 [dm-crypt] cryptsetup not accepting plain passwd with -d option Nikhil AR
2012-01-31 15:34 ` Milan Broz
2012-01-31 17:06 ` Nikhil AR
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.