[dm-crypt] cryptsetup not accepting plain passwd with -d option

[dm-crypt] cryptsetup not accepting plain passwd with -d option

[Nikhil AR]

[-- Attachment #1: Type: text/plain, Size: 1144 bytes --]

Hi,

I have created an encrypted ISO image of a directory named data using the
below command.

# mkisofa -r data | aespipe -p3 -e aes256 3<./passphrase > data.iso

In order to mount encrypted disk using dm-crypt, I followed below steps:

1) creating the loop device
# losetup /dev/loop0 data.iso

2) creating device mapper device for this loop device
# cryptsetup -c aes -s 256 -h sha512 -d./passphrase create aesdev /dev/loop0

3) mount dm device on an empty folder to access iso contents
# mount /dev/mapper/aesdev /mnt

The mount command gives me the below error:
# mount: you must specify the filesystem type

After lot of trial and error iterations, I figured out that cryptsetup is
the culprit. Because issue surfaces only when -d option of cryptsetup is
used. If I'm giving the password manually when cryptsetup prompts,
everything works fine. Also a wrongly entered passphrase is not also
reported until the mount step is attempted.

[root@dhcp210-115 ~]# cat passphrase
thisisanaes256passphrasetotestae

Is there a way to provide cryptsetup its password in a file when it is used
in this manner?

Thanks in advance.

Cheers,
-- Nikhil

[-- Attachment #2: Type: text/html, Size: 1574 bytes --]

Re: [dm-crypt] cryptsetup not accepting plain passwd with -d option

[Milan Broz]

On 01/31/2012 03:49 PM, Nikhil AR wrote:
> Hi,
>
> I have created an encrypted ISO image of a directory named data using the below command.
>
> # mkisofa -r data | aespipe -p3 -e aes256 3<./passphrase > data.iso
...
> Is there a way to provide cryptsetup its password in a file when it is used in this manner?

The problem is with password hashing.

You need recent cryptsetup with loop-aes compatible support
(in your case you do not need new kernel, it is not multi-key device)

Just run
cryptsetup loopaesOpen data.iso aesdev --key-file passphrase

(no losetup needed, it should find loop automatically)

Milan

Re: [dm-crypt] cryptsetup not accepting plain passwd with -d option

[Nikhil AR]

[-- Attachment #1: Type: text/plain, Size: 843 bytes --]

Hi Milan,

I have tested the same on a f16 machine. It worked perfectly !!!

Thanks a lot.

Cheers,
-- Nikhil

On Tue, Jan 31, 2012 at 9:04 PM, Milan Broz <mbroz@redhat.com> wrote:

> On 01/31/2012 03:49 PM, Nikhil AR wrote:
>
>> Hi,
>>
>> I have created an encrypted ISO image of a directory named data using the
>> below command.
>>
>> # mkisofa -r data | aespipe -p3 -e aes256 3<./passphrase > data.iso
>>
> ...
>
>  Is there a way to provide cryptsetup its password in a file when it is
>> used in this manner?
>>
>
> The problem is with password hashing.
>
> You need recent cryptsetup with loop-aes compatible support
> (in your case you do not need new kernel, it is not multi-key device)
>
> Just run
> cryptsetup loopaesOpen data.iso aesdev --key-file passphrase
>
> (no losetup needed, it should find loop automatically)
>
> Milan
>

[-- Attachment #2: Type: text/html, Size: 1481 bytes --]