[dm-crypt] luksAddKey successful but not working

[dm-crypt] luksAddKey successful but not working

[leam hall]

[-- Attachment #1: Type: text/plain, Size: 712 bytes --]

Help! I've nearly broken my desk banging my head against this problem. I am
using Red Hat 5.9 base install and trying to set the LUKS volume to come
on-line on boot.

The volume can be manually mounted. However, when I try to create the key
file it becomes a 0 length file and does not work when the system boots.

cryptsetup luksAddKey /dev/sda2 keyfile
Enter any LUKS passphrase:
Verify passphrase:
key slot 0 unlocked.
Command successful.


ls -lart keyfile
-rw------- 1 root root 0 May 22 08:42 keyfile


cat /etc/crypttab
luks /dev/sda2 /root/keyfile luks


This is probably operator error but I'm not sure where to look. Any help
appreciated!

Leam



-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #2: Type: text/html, Size: 946 bytes --]

Re: [dm-crypt] luksAddKey successful but not working

[Arno Wagner]

A look into the man-page of cryptsetup shows that luksAddKey does
not write the key-file, but reads it. I am surprised though that
cryptsetup does not complain that the file is missing. With my
system (cryptsetup 1.6.0) it does:

# cryptsetup luksAddKey /dev/loop0 keyfile
Enter any passphrase:
Failed to open key file.    <---
#

Have you created "keyfile" before? If so, you just added the empty 
passphrase to your device, something you probably do not want to do.

Arno

On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote:
> Help! I've nearly broken my desk banging my head against this problem. I am
> using Red Hat 5.9 base install and trying to set the LUKS volume to come
> on-line on boot.
> 
> The volume can be manually mounted. However, when I try to create the key
> file it becomes a 0 length file and does not work when the system boots.
> 
> cryptsetup luksAddKey /dev/sda2 keyfile
> Enter any LUKS passphrase:
> Verify passphrase:
> key slot 0 unlocked.
> Command successful.
> 
> 
> ls -lart keyfile
> -rw------- 1 root root 0 May 22 08:42 keyfile
> 
> 
> cat /etc/crypttab
> luks /dev/sda2 /root/keyfile luks
> 
> 
> This is probably operator error but I'm not sure where to look. Any help
> appreciated!
> 
> Leam
> 
> 
> 
> -- 
> Mind on a Mission <http://leamhall.blogspot.com/>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

Re: [dm-crypt] luksAddKey successful but not working

[leam hall]

[-- Attachment #1: Type: text/plain, Size: 2568 bytes --]

Hey Arno, thanks! None of the instructions I found talked about manually
editing the keyfile with the key. That's why I thought luksAddKey created
the file.

So far I'm not doing great with this. Either the /dev/sda partition isn't
able to be mounted or /dev/mapper/luks isn't viewed as a LUKS partition.



On Wed, May 22, 2013 at 10:33 AM, Arno Wagner <arno@wagner.name> wrote:

> A look into the man-page of cryptsetup shows that luksAddKey does
> not write the key-file, but reads it. I am surprised though that
> cryptsetup does not complain that the file is missing. With my
> system (cryptsetup 1.6.0) it does:
>
> # cryptsetup luksAddKey /dev/loop0 keyfile
> Enter any passphrase:
> Failed to open key file.    <---
> #
>
> Have you created "keyfile" before? If so, you just added the empty
> passphrase to your device, something you probably do not want to do.
>
> Arno
>
> On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote:
> > Help! I've nearly broken my desk banging my head against this problem. I
> am
> > using Red Hat 5.9 base install and trying to set the LUKS volume to come
> > on-line on boot.
> >
> > The volume can be manually mounted. However, when I try to create the key
> > file it becomes a 0 length file and does not work when the system boots.
> >
> > cryptsetup luksAddKey /dev/sda2 keyfile
> > Enter any LUKS passphrase:
> > Verify passphrase:
> > key slot 0 unlocked.
> > Command successful.
> >
> >
> > ls -lart keyfile
> > -rw------- 1 root root 0 May 22 08:42 keyfile
> >
> >
> > cat /etc/crypttab
> > luks /dev/sda2 /root/keyfile luks
> >
> >
> > This is probably operator error but I'm not sure where to look. Any help
> > appreciated!
> >
> > Leam
> >
> >
> >
> > --
> > Mind on a Mission <http://leamhall.blogspot.com/>
>
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
>
>
> --
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> There are two ways of constructing a software design: One way is to make it
> so simple that there are obviously no deficiencies, and the other way is to
> make it so complicated that there are no obvious deficiencies. The first
> method is far more difficult.  --Tony Hoare
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>



-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #2: Type: text/html, Size: 3728 bytes --]

Re: [dm-crypt] luksAddKey successful but not working

[Arno Wagner]

No Problem. I would suggest reading the FAQ 

  http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

and the man-page. Takes a while, but afterwards you should understand
how things work. Muy experience with "instructions" is that they
fail as soon as something is not quite as expected and are absolutely
no replacement for getting your own expertise.

Arno

On Wed, May 22, 2013 at 10:48:52AM -0400, leam hall wrote:
> Hey Arno, thanks! None of the instructions I found talked about manually
> editing the keyfile with the key. That's why I thought luksAddKey created
> the file.
> 
> So far I'm not doing great with this. Either the /dev/sda partition isn't
> able to be mounted or /dev/mapper/luks isn't viewed as a LUKS partition.
> 
> 
> 
> On Wed, May 22, 2013 at 10:33 AM, Arno Wagner <arno@wagner.name> wrote:
> 
> > A look into the man-page of cryptsetup shows that luksAddKey does
> > not write the key-file, but reads it. I am surprised though that
> > cryptsetup does not complain that the file is missing. With my
> > system (cryptsetup 1.6.0) it does:
> >
> > # cryptsetup luksAddKey /dev/loop0 keyfile
> > Enter any passphrase:
> > Failed to open key file.    <---
> > #
> >
> > Have you created "keyfile" before? If so, you just added the empty
> > passphrase to your device, something you probably do not want to do.
> >
> > Arno
> >
> > On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote:
> > > Help! I've nearly broken my desk banging my head against this problem. I
> > am
> > > using Red Hat 5.9 base install and trying to set the LUKS volume to come
> > > on-line on boot.
> > >
> > > The volume can be manually mounted. However, when I try to create the key
> > > file it becomes a 0 length file and does not work when the system boots.
> > >
> > > cryptsetup luksAddKey /dev/sda2 keyfile
> > > Enter any LUKS passphrase:
> > > Verify passphrase:
> > > key slot 0 unlocked.
> > > Command successful.
> > >
> > >
> > > ls -lart keyfile
> > > -rw------- 1 root root 0 May 22 08:42 keyfile
> > >
> > >
> > > cat /etc/crypttab
> > > luks /dev/sda2 /root/keyfile luks
> > >
> > >
> > > This is probably operator error but I'm not sure where to look. Any help
> > > appreciated!
> > >
> > > Leam
> > >
> > >
> > >
> > > --
> > > Mind on a Mission <http://leamhall.blogspot.com/>
> >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt@saout.de
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> >
> > --
> > Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
> > GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> > ----
> > There are two ways of constructing a software design: One way is to make it
> > so simple that there are obviously no deficiencies, and the other way is to
> > make it so complicated that there are no obvious deficiencies. The first
> > method is far more difficult.  --Tony Hoare
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> 
> 
> 
> -- 
> Mind on a Mission <http://leamhall.blogspot.com/>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

Re: [dm-crypt] luksAddKey successful but not working

[Milan Broz]

On 05/22/2013 04:33 PM, Arno Wagner wrote:
> A look into the man-page of cryptsetup shows that luksAddKey does
> not write the key-file, but reads it. I am surprised though that
> cryptsetup does not complain that the file is missing. With my
> system (cryptsetup 1.6.0) it does:
> 
> # cryptsetup luksAddKey /dev/loop0 keyfile
> Enter any passphrase:
> Failed to open key file.    <---
> #

RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impossible
to rebase there to a new version.
You can create a bug requesting to fix this issue in RH bugzilla though...

Milan

Re: [dm-crypt] luksAddKey successful but not working

[leam hall]

[-- Attachment #1: Type: text/plain, Size: 1071 bytes --]

I have a support ticket with RH open now. So far I am not sure it is a bug.
It may well just be my misunderstanding. If it does turn out to be a bug I
will file it.

Thanks!

Leam


On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:

> On 05/22/2013 04:33 PM, Arno Wagner wrote:
> > A look into the man-page of cryptsetup shows that luksAddKey does
> > not write the key-file, but reads it. I am surprised though that
> > cryptsetup does not complain that the file is missing. With my
> > system (cryptsetup 1.6.0) it does:
> >
> > # cryptsetup luksAddKey /dev/loop0 keyfile
> > Enter any passphrase:
> > Failed to open key file.    <---
> > #
>
> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is impossible
> to rebase there to a new version.
> You can create a bug requesting to fix this issue in RH bugzilla though...
>
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>



-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #2: Type: text/html, Size: 1793 bytes --]

Re: [dm-crypt] luksAddKey successful but not working

[leam hall]

[-- Attachment #1: Type: text/plain, Size: 1781 bytes --]

So what I'm seeing is an error "No key available with this passphrase".
What makes this odd is that there are two boxes; one build with a file
system encrypted and the other adding it afterwards. Both have the same
~/keyfile. The manually built system won't read the keyfile  on boot and
drops the box into "fix your filesystem" mode. The "encrypted on install"
box works just fine.They are pretty much build from the same OS version,
though the bad one has more packages.

Any ideas on how to trouble-shoot this?

Thanks!

Leam


On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:

> I have a support ticket with RH open now. So far I am not sure it is a
> bug. It may well just be my misunderstanding. If it does turn out to be a
> bug I will file it.
>
> Thanks!
>
> Leam
>
>
> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:
>
>> On 05/22/2013 04:33 PM, Arno Wagner wrote:
>> > A look into the man-page of cryptsetup shows that luksAddKey does
>> > not write the key-file, but reads it. I am surprised though that
>> > cryptsetup does not complain that the file is missing. With my
>> > system (cryptsetup 1.6.0) it does:
>> >
>> > # cryptsetup luksAddKey /dev/loop0 keyfile
>> > Enter any passphrase:
>> > Failed to open key file.    <---
>> > #
>>
>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is
>> impossible
>> to rebase there to a new version.
>> You can create a bug requesting to fix this issue in RH bugzilla though...
>>
>> Milan
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>>
>
>
>
> --
> Mind on a Mission <http://leamhall.blogspot.com/>
>



-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #2: Type: text/html, Size: 2999 bytes --]

Re: [dm-crypt] luksAddKey successful but not working

[Arno Wagner]

I suspect that something in the initrd or the configuration it uses is
missing. Look at the boot messages for anything related,
Then look at the contents of the initrd and what it does in the one 
system and does not do in the other one.

Arno

On Wed, May 29, 2013 at 08:56:30PM -0400, leam hall wrote:
> So what I'm seeing is an error "No key available with this passphrase".
> What makes this odd is that there are two boxes; one build with a file
> system encrypted and the other adding it afterwards. Both have the same
> ~/keyfile. The manually built system won't read the keyfile  on boot and
> drops the box into "fix your filesystem" mode. The "encrypted on install"
> box works just fine.They are pretty much build from the same OS version,
> though the bad one has more packages.
> 
> Any ideas on how to trouble-shoot this?
> 
> Thanks!
> 
> Leam
> 
> 
> On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:
> 
> > I have a support ticket with RH open now. So far I am not sure it is a
> > bug. It may well just be my misunderstanding. If it does turn out to be a
> > bug I will file it.
> >
> > Thanks!
> >
> > Leam
> >
> >
> > On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:
> >
> >> On 05/22/2013 04:33 PM, Arno Wagner wrote:
> >> > A look into the man-page of cryptsetup shows that luksAddKey does
> >> > not write the key-file, but reads it. I am surprised though that
> >> > cryptsetup does not complain that the file is missing. With my
> >> > system (cryptsetup 1.6.0) it does:
> >> >
> >> > # cryptsetup luksAddKey /dev/loop0 keyfile
> >> > Enter any passphrase:
> >> > Failed to open key file.    <---
> >> > #
> >>
> >> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is
> >> impossible
> >> to rebase there to a new version.
> >> You can create a bug requesting to fix this issue in RH bugzilla though...
> >>
> >> Milan
> >> _______________________________________________
> >> dm-crypt mailing list
> >> dm-crypt@saout.de
> >> http://www.saout.de/mailman/listinfo/dm-crypt
> >>
> >
> >
> >
> > --
> > Mind on a Mission <http://leamhall.blogspot.com/>
> >
> 
> 
> 
> -- 
> Mind on a Mission <http://leamhall.blogspot.com/>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

Re: [dm-crypt] luksAddKey successful but not working

[leam hall]

[-- Attachment #1: Type: text/plain, Size: 1524 bytes --]

I can build a new box without an encrypted volume, build the volume, and
have the server ask for the password on boot. What is currently failing is
reading the keyfile so that it doesn't ask for a password. What part of the
program/process deals with that?

Thanks!

Leam


On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:

> I have a support ticket with RH open now. So far I am not sure it is a
> bug. It may well just be my misunderstanding. If it does turn out to be a
> bug I will file it.
>
> Thanks!
>
> Leam
>
>
> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:
>
>> On 05/22/2013 04:33 PM, Arno Wagner wrote:
>> > A look into the man-page of cryptsetup shows that luksAddKey does
>> > not write the key-file, but reads it. I am surprised though that
>> > cryptsetup does not complain that the file is missing. With my
>> > system (cryptsetup 1.6.0) it does:
>> >
>> > # cryptsetup luksAddKey /dev/loop0 keyfile
>> > Enter any passphrase:
>> > Failed to open key file.    <---
>> > #
>>
>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is
>> impossible
>> to rebase there to a new version.
>> You can create a bug requesting to fix this issue in RH bugzilla though...
>>
>> Milan
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>>
>
>
>
> --
> Mind on a Mission <http://leamhall.blogspot.com/>
>



-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #2: Type: text/html, Size: 2657 bytes --]

Re: [dm-crypt] luksAddKey successful but not working

[leam hall]

[-- Attachment #1: Type: text/plain, Size: 2136 bytes --]

Okay, progress. And yeah, I dwaddled on reading the FAQ.  :(

I think this works, the volume mounts on boot. However, if I use isLuks on
the /dev/mapper/<volume> it is not. If I use it on the underlying
partition  (/dev/sdc1) it gives no response and "echo $?" gives a 0.

So, am I correct in thinking that the volume is LUKS encrypted? How would
you actually test that? I'm only at 2.8 on the FAQ.  :)

Leam



On Fri, May 31, 2013 at 10:09 AM, leam hall <leamhall@gmail.com> wrote:

> I can build a new box without an encrypted volume, build the volume, and
> have the server ask for the password on boot. What is currently failing is
> reading the keyfile so that it doesn't ask for a password. What part of the
> program/process deals with that?
>
> Thanks!
>
> Leam
>
>
> On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:
>
>> I have a support ticket with RH open now. So far I am not sure it is a
>> bug. It may well just be my misunderstanding. If it does turn out to be a
>> bug I will file it.
>>
>> Thanks!
>>
>> Leam
>>
>>
>> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:
>>
>>> On 05/22/2013 04:33 PM, Arno Wagner wrote:
>>> > A look into the man-page of cryptsetup shows that luksAddKey does
>>> > not write the key-file, but reads it. I am surprised though that
>>> > cryptsetup does not complain that the file is missing. With my
>>> > system (cryptsetup 1.6.0) it does:
>>> >
>>> > # cryptsetup luksAddKey /dev/loop0 keyfile
>>> > Enter any passphrase:
>>> > Failed to open key file.    <---
>>> > #
>>>
>>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is
>>> impossible
>>> to rebase there to a new version.
>>> You can create a bug requesting to fix this issue in RH bugzilla
>>> though...
>>>
>>> Milan
>>> _______________________________________________
>>> dm-crypt mailing list
>>> dm-crypt@saout.de
>>> http://www.saout.de/mailman/listinfo/dm-crypt
>>>
>>
>>
>>
>> --
>> Mind on a Mission <http://leamhall.blogspot.com/>
>>
>
>
>
> --
> Mind on a Mission <http://leamhall.blogspot.com/>
>



-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #2: Type: text/html, Size: 3718 bytes --]

Re: [dm-crypt] luksAddKey successful but not working

[Arno Wagner]

Hi Leam,

On Fri, May 31, 2013 at 10:55:33AM -0400, leam hall wrote:
> Okay, progress. And yeah, I dwaddled on reading the FAQ.  :(

It is a bit complex by now. Maybe I will feel bored some day
and make it a proper manual. 

> I think this works, the volume mounts on boot. However, if I use isLuks on
> the /dev/mapper/<volume> it is not. If I use it on the underlying
> partition  (/dev/sdc1) it gives no response and "echo $?" gives a 0.

Add a '-v' to get a human-readable output from isLuks.
But, yes, "0" is "success" as by normal Unix exit-code
conventions.

> So, am I correct in thinking that the volume is LUKS encrypted? How would
> you actually test that? I'm only at 2.8 on the FAQ.  :)

Yes.  

Arno


 
> Leam
> 
> 
> 
> On Fri, May 31, 2013 at 10:09 AM, leam hall <leamhall@gmail.com> wrote:
> 
> > I can build a new box without an encrypted volume, build the volume, and
> > have the server ask for the password on boot. What is currently failing is
> > reading the keyfile so that it doesn't ask for a password. What part of the
> > program/process deals with that?
> >
> > Thanks!
> >
> > Leam
> >
> >
> > On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:
> >
> >> I have a support ticket with RH open now. So far I am not sure it is a
> >> bug. It may well just be my misunderstanding. If it does turn out to be a
> >> bug I will file it.
> >>
> >> Thanks!
> >>
> >> Leam
> >>
> >>
> >> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:
> >>
> >>> On 05/22/2013 04:33 PM, Arno Wagner wrote:
> >>> > A look into the man-page of cryptsetup shows that luksAddKey does
> >>> > not write the key-file, but reads it. I am surprised though that
> >>> > cryptsetup does not complain that the file is missing. With my
> >>> > system (cryptsetup 1.6.0) it does:
> >>> >
> >>> > # cryptsetup luksAddKey /dev/loop0 keyfile
> >>> > Enter any passphrase:
> >>> > Failed to open key file.    <---
> >>> > #
> >>>
> >>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is
> >>> impossible
> >>> to rebase there to a new version.
> >>> You can create a bug requesting to fix this issue in RH bugzilla
> >>> though...
> >>>
> >>> Milan
> >>> _______________________________________________
> >>> dm-crypt mailing list
> >>> dm-crypt@saout.de
> >>> http://www.saout.de/mailman/listinfo/dm-crypt
> >>>
> >>
> >>
> >>
> >> --
> >> Mind on a Mission <http://leamhall.blogspot.com/>
> >>
> >
> >
> >
> > --
> > Mind on a Mission <http://leamhall.blogspot.com/>
> >
> 
> 
> 
> -- 
> Mind on a Mission <http://leamhall.blogspot.com/>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

Re: [dm-crypt] luksAddKey successful but not working

[leam hall]

[-- Attachment #1: Type: text/plain, Size: 1311 bytes --]

This seems resolved with an updated version of the kernel.


On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:

> I have a support ticket with RH open now. So far I am not sure it is a
> bug. It may well just be my misunderstanding. If it does turn out to be a
> bug I will file it.
>
> Thanks!
>
> Leam
>
>
> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:
>
>> On 05/22/2013 04:33 PM, Arno Wagner wrote:
>> > A look into the man-page of cryptsetup shows that luksAddKey does
>> > not write the key-file, but reads it. I am surprised though that
>> > cryptsetup does not complain that the file is missing. With my
>> > system (cryptsetup 1.6.0) it does:
>> >
>> > # cryptsetup luksAddKey /dev/loop0 keyfile
>> > Enter any passphrase:
>> > Failed to open key file.    <---
>> > #
>>
>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is
>> impossible
>> to rebase there to a new version.
>> You can create a bug requesting to fix this issue in RH bugzilla though...
>>
>> Milan
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>>
>
>
>
> --
> Mind on a Mission <http://leamhall.blogspot.com/>
>



-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #2: Type: text/html, Size: 2427 bytes --]

Re: [dm-crypt] luksAddKey successful but not working

[leam hall]

[-- Attachment #1: Type: text/plain, Size: 1403 bytes --]

Turns out this was a bug implemented in RHEL 5.9. Servers built with older
RHEL versions didn't have the issue. RH is working on a solution now.

Leam


On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:

> I have a support ticket with RH open now. So far I am not sure it is a
> bug. It may well just be my misunderstanding. If it does turn out to be a
> bug I will file it.
>
> Thanks!
>
> Leam
>
>
> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:
>
>> On 05/22/2013 04:33 PM, Arno Wagner wrote:
>> > A look into the man-page of cryptsetup shows that luksAddKey does
>> > not write the key-file, but reads it. I am surprised though that
>> > cryptsetup does not complain that the file is missing. With my
>> > system (cryptsetup 1.6.0) it does:
>> >
>> > # cryptsetup luksAddKey /dev/loop0 keyfile
>> > Enter any passphrase:
>> > Failed to open key file.    <---
>> > #
>>
>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is
>> impossible
>> to rebase there to a new version.
>> You can create a bug requesting to fix this issue in RH bugzilla though...
>>
>> Milan
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>>
>
>
>
> --
> Mind on a Mission <http://leamhall.blogspot.com/>
>



-- 
Mind on a Mission <http://leamhall.blogspot.com/>

[-- Attachment #2: Type: text/html, Size: 2541 bytes --]