* [dm-crypt] Detached header creation confusion.
[not found] <830403085.13951328.1576484487874.ref@mail.yahoo.com>
@ 2019-12-16 8:21 ` Aint Tellin
2019-12-22 20:41 ` Michael Kjörling
0 siblings, 1 reply; 2+ messages in thread
From: Aint Tellin @ 2019-12-16 8:21 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 1190 bytes --]
Salutations.
Thank you all so much for the time and effort you put into your amazing project!I've used it successfully many times!
I have a usage question for you if you'll allow me.
I am attempting to create a detached header in conjunction with a 1G offset.
The version of cryptsetup I am using is version 2.2.2. My kernel is 5.4.3
What I expected: > detached header file "detached_header.img" on /dev/sda1 (mounted at /mnt)> luks protected data on /dev/sda1
The command I used.> $cryptsetup luksFormat /dev/sd2 --offset 2097152 --header /mnt/detached_header.img
According to the man page, the --header option will override the positional <device> parameter. Thus, when I run the above command (or variations of same) the device on which the "detached_header.img" file sits, becomes the target of the luksFormat.
What happened:> /dev/sda1 becomes target of luksFormat. Fails with the following output;
$ Device wipe error, offset 93323264.$ Cannot wipe header on device mnt/detached_header.img
No change on /dev/sda2
I know I'm misunderstanding something, but I can't figure out what it is.
Thank you ahead of time for any help you can provide!
-Omar
[-- Attachment #2: Type: text/html, Size: 3275 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dm-crypt] Detached header creation confusion.
2019-12-16 8:21 ` [dm-crypt] Detached header creation confusion Aint Tellin
@ 2019-12-22 20:41 ` Michael Kjörling
0 siblings, 0 replies; 2+ messages in thread
From: Michael Kjörling @ 2019-12-22 20:41 UTC (permalink / raw)
To: dm-crypt
On 16 Dec 2019 08:21 +0000, from bdbasstech@yahoo.com (Aint Tellin):
> I am attempting to create a detached header in conjunction with a 1G offset.
> The version of cryptsetup I am using is version 2.2.2. My kernel is 5.4.3
> What I expected: > detached header file "detached_header.img" on /dev/sda1 (mounted at /mnt)> luks protected data on /dev/sda1
> The command I used.> $cryptsetup luksFormat /dev/sd2 --offset 2097152 --header /mnt/detached_header.img
Seems to work for me, with just a quick test using a sparse file
backing a loop device for a throwaway container, on an up-to-date
Debian 10/Buster with kernel version 4.19.67-2+deb10u2 and cryptsetup
version 2.1.0 (package version 2:2.1.0-5+deb10u2). Can you give
something like the below a try and let us know how it turns out?
-- cut --
# truncate -s 2G /tmp/user/0/d1
# losetup -f /tmp/user/0/d1
# losetup
NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE DIO LOG-SEC
/dev/loop0 0 0 0 0 /tmp/user/0/d1 0 512
# cryptsetup luksFormat /dev/loop0 --offset 2097152 --header /tmp/user/0/d1hdr
WARNING!
========
Header file does not exist, do you want to create it?
Are you sure? (Type uppercase yes): YES
Enter passphrase for /tmp/user/0/d1hdr:
Verify passphrase:
# file -s /dev/loop0
/dev/loop0: data
# file -s /tmp/user/0/d1hdr
/tmp/user/0/d1hdr: LUKS encrypted file, ver 2 [, , sha256] UUID: 7fd5ad0e-b41a-40d4-80ca-3c32d6934324
# cryptsetup luksDump /tmp/user/0/d1hdr
LUKS header information
Version: 2
Epoch: 3
Metadata area: 16384 [bytes]
Keyslots area: 134217728 [bytes]
UUID: 7fd5ad0e-b41a-40d4-80ca-3c32d6934324
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 1073741824 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2i
Time cost: 4
Memory: 724521
Threads: 4
Salt: 37 de 46 94 4a c0 c5 15 03 0d 29 25 41 f7 90 1f
6d 16 d0 4e 81 9d 96 f0 f2 bc e4 ff 0b 48 6c 5a
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 75939
Salt: 48 00 1f 93 a0 7b f4 c4 54 9c 25 a9 a1 6b 20 a6
bf 4e bb 6d cb 66 9a 01 73 b4 ba 54 49 d6 3c 90
Digest: 80 4b 94 a0 50 c3 94 aa f8 46 20 7d 34 e1 df 60
8e 84 3a 9c ab 01 98 c7 13 23 7a 6a 0b f5 d6 0d
# cryptsetup luksDump /tmp/user/0/d1
Device /tmp/user/0/d1 is not a valid LUKS device.
#
-- cut --
--
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-12-22 20:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <830403085.13951328.1576484487874.ref@mail.yahoo.com>
2019-12-16 8:21 ` [dm-crypt] Detached header creation confusion Aint Tellin
2019-12-22 20:41 ` Michael Kjörling
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.