From: Paul Menzel <pm.debian@googlemail.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] How can a passphrase be incorrect even after `luksHeaderBackup` and `luksHeaderRestore`?
Date: Fri, 5 Aug 2011 01:18:51 +0200 [thread overview]
Message-ID: <CAOOH3prY2scQMY9MPv0n31S+vAYoSEgWCyz+3pNa7HNN-U76sQ@mail.gmail.com> (raw)
In-Reply-To: <CAOOH3pqkS91HeAxta490Xpr3NT_g+=TWh49NyPO3xYs4XwjO5g@mail.gmail.com>
2011/8/4 Paul Menzel <pm.debian@googlemail.com>:
> trying to save my data [1][2][3] I do not understand the following.
>
> The partitions of two drives `/dev/sd{a,b}2` start at exactly the same point.
>
> ------- 8< --- partition table --- >8 -------
> # partition table of /dev/sda
> unit: sectors
>
> /dev/sda1 : start= 63, size= 995967, Id=fd, bootable
> /dev/sda2 : start= 996030, size=3906028035, Id=fd
> /dev/sda3 : start= 0, size= 0, Id= 0
> /dev/sda4 : start= 0, size= 0, Id= 0
>
> # partition table of /dev/sdb
> unit: sectors
>
> /dev/sdb1 : start= 63, size= 995967, Id=fd, bootable
> /dev/sdb2 : start= 996030, size=975772035, Id=fd
> /dev/sdb3 : start= 0, size= 0, Id= 0
> /dev/sdb4 : start= 0, size= 0, Id= 0
> ------- 8< --- partition table --- >8 -------
>
> Doing `cryptsetup luksHeaderRestore /dev/sda2 --header-backup-file
> sdb.luksHeaderBackup` with `sdb.luksHeaderBackup` obtained from
> `/dev/sdb2` the passphrase, which works on sdb, should definitely work
> on sda although the data might be read as garbage.
It looks like `luksBackupRestore` is not working for me correctly.
Please take a look at the following results. `/dev/sdb` is the old
drive with the working LUKS setup, that means my passphrase gets
accepted. I am sorry for that Google Mail will probably line wrap
everything.
------- 8< --- entered commands --- >8 -------
% sudo cryptsetup luksHeaderBackup /dev/sda2 --header-backup-file
/tmp/sda.header
% sudo cryptsetup luksHeaderBackup /dev/sdb2 --header-backup-file
/tmp/sdb.header
% sudo md5sum /tmp/sd*
7b897c620776f549324810a8aeb9921e /tmp/sda.header
ce314509007b2c76eb85e7b89ee25da5 /tmp/sdb.header
% sudo cryptsetup --verbose --debug luksHeaderRestore /dev/sda2
--header-backup-file /tmp/sdb.header
# cryptsetup 1.3.0 processing "cryptsetup --verbose --debug
luksHeaderRestore /dev/sda2 --header-backup-file /tmp/sdb.header"
# Running command luksHeaderRestore.
# Locking memory.
# Allocating crypt device /dev/sda2 context.
# Trying to open and read device /dev/sda2.
# Initialising device-mapper backend, UDEV is enabled.
# Detected dm-crypt version 1.10.0, dm-ioctl version 4.19.1.
# Initialising gcrypt crypto backend.
# Requested header restore to device /dev/sda2 (LUKS1) from file
/tmp/sdb.header.
# Reading LUKS header of size 1024 from backup file /tmp/sdb.header
# Reading LUKS header of size 1024 from device /dev/sda2
# Device /dev/sda2 already contains LUKS header, checking UUID and offset.
WARNING!
========
Device /dev/sda2 already contains LUKS header. Replacing header will
destroy existing keyslots.
Are you sure? (Type uppercase yes): YES
# Storing backup of header (1024 bytes) and keyslot area (1048576
bytes) to device /dev/sda2.
# Reading LUKS header of size 1024 from device /dev/sda2
# Releasing crypt device /dev/sda2 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
% sudo cryptsetup --verbose --debug luksHeaderBackup /dev/sda2
--header-backup-file /tmp/sda2.header
# cryptsetup 1.3.0 processing "cryptsetup --verbose --debug
luksHeaderBackup /dev/sda2 --header-backup-file /tmp/sda2.header"
# Running command luksHeaderBackup.
# Locking memory.
# Allocating crypt device /dev/sda2 context.
# Trying to open and read device /dev/sda2.
# Initialising device-mapper backend, UDEV is enabled.
# Detected dm-crypt version 1.10.0, dm-ioctl version 4.19.1.
# Initialising gcrypt crypto backend.
# Requested header backup of device /dev/sda2 (LUKS1) to file /tmp/sda2.header.
# Reading LUKS header of size 1024 from device /dev/sda2
# Storing backup of header (1024 bytes) and keyslot area (1048576 bytes).
# Releasing crypt device /dev/sda2 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
% sudo md5sum /tmp/*header
7b897c620776f549324810a8aeb9921e /tmp/sda2.header
7b897c620776f549324810a8aeb9921e /tmp/sda.header
ce314509007b2c76eb85e7b89ee25da5 /tmp/sdb.header
------- 8< --- entered commands --- >8 -------
I would have assumed that all files are identical, i. e. they have the
same hash.
Thanks,
Paul
> [1] http://www.saout.de/pipermail/dm-crypt/2011-August/001858.html
> [2] http://www.saout.de/pipermail/dm-crypt/2011-August/001858.html
> [3] http://marc.info/?l=linux-raid&m=131248606026407&w=2
next prev parent reply other threads:[~2011-08-04 23:18 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-04 21:31 [dm-crypt] How can a passphrase be incorrect even after `luksHeaderBackup` and `luksHeaderRestore`? Paul Menzel
2011-08-04 23:18 ` Paul Menzel [this message]
2011-08-05 2:20 ` Milan Broz
2011-08-05 8:41 ` Paul Menzel
2011-08-05 12:11 ` Paul Menzel
2011-08-05 14:16 ` Milan Broz
2011-08-05 14:52 ` Arno Wagner
2011-08-05 14:55 ` Arno Wagner
2011-08-05 17:47 ` Milan Broz
2011-08-05 15:02 ` Paul Menzel
2011-08-05 15:08 ` Arno Wagner
2011-09-01 19:08 ` Paul Menzel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOOH3prY2scQMY9MPv0n31S+vAYoSEgWCyz+3pNa7HNN-U76sQ@mail.gmail.com \
--to=pm.debian@googlemail.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.