Re: [dm-crypt] Encrypting DVD or CDROM from iso

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Davide Marchi]

Hi to All,
finally I've found the right (and tested) procedure in this simple 
script, made by sowbug: 
https://gist.github.com/sowbug/c7f83140581fbe3e6a9b3ddf24891e77#gistcomment-3531970


# All the code from 
http://billauer.co.il/blog/2010/10/encrypted-iso-dvd-luks-dm-crypt-fedora-linux/

MB_COUNT=100
VOL_NAME=MyVolName
DIR_TO_COPY=/tmp/mydir

# Make a 100MB disk image
dd if=/dev/zero of=disk.img bs=1M count=$MB_COUNT

# become root
sudo su

# write to the image
# ****** NOTE that you'll be prompted three times for a passphrase
losetup /dev/loop1 disk.img && \
   cryptsetup luksFormat /dev/loop1 && \
   cryptsetup luksOpen /dev/loop1 mybackupdisk && \
   genisoimage -R -J -joliet-long -graft-points -V $VOL_NAME -o 
/dev/mapper/mybackupdisk $DIR_TO_COPY

# close the device
cryptsetup luksClose /dev/mapper/mybackupdisk && \
   losetup -d /dev/loop1

# Now you have disk.img that can be burned to a CD/DVD, or just mount it 
in Linux.
# You'll be prompted for the passphrase each time you mount it.


Thanks

Davide
Italy

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Milan Broz]

On 18/11/2020 18:25, Davide Marchi wrote:
> Hi to All,
> finally I've found the right (and tested) procedure in this simple 
> script, made by sowbug: 
> https://gist.github.com/sowbug/c7f83140581fbe3e6a9b3ddf24891e77#gistcomment-3531970

The whole problem was that the size of device was wrongly calculated
  from the debug:
  > # Device size 16777216, offset 16777216.

This is apparently device size covering only LUKS2 header (default LUKS2 takes 16MB),
no data at all - then the error is expected.

> # All the code from 
> http://billauer.co.il/blog/2010/10/encrypted-iso-dvd-luks-dm-crypt-fedora-linux/
> 
> MB_COUNT=100
> VOL_NAME=MyVolName
> DIR_TO_COPY=/tmp/mydir
> 
> # Make a 100MB disk image
> dd if=/dev/zero of=disk.img bs=1M count=$MB_COUNT

All you need to do here is just to allocate requested size for data + 16M for header.
(I have no idea why the original post tries to do is such complicated way.)

Also you do not need to physically write the file, sparse file creation is much
faster here (try sizes in GB), just run (dd can do this using seek=... option too)
 truncate disk.img -s 100M

> 
> # become root
> sudo su
> 
> # write to the image
> # ****** NOTE that you'll be prompted three times for a passphrase
> losetup /dev/loop1 disk.img && \

This losetup step is not needed, loop is allocated automatically
if argument is a file (except for very old kernel where
automatic loop detach option is not yet available)

just run "cryptsetup luksFormat disk.img" and "cryptsetup open disk.img mybackupdisk"

>    cryptsetup luksFormat /dev/loop1 && \
>    cryptsetup luksOpen /dev/loop1 mybackupdisk && \
>    genisoimage -R -J -joliet-long -graft-points -V $VOL_NAME -o 
> /dev/mapper/mybackupdisk $DIR_TO_COPY
> 
> # close the device
> cryptsetup luksClose /dev/mapper/mybackupdisk && \
>    losetup -d /dev/loop1

This losetup is automatic on luksClose (so not needed) if you remove explicit loop allocation above.

Milan

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Davide Marchi]

Milan Broz ha scritto:
> [..]
> The whole problem was that the size of device was wrongly calculated
>   from the debug:
>   > # Device size 16777216, offset 16777216.
> 
> This is apparently device size covering only LUKS2 header (default 
> LUKS2 takes 16MB),
> no data at all - then the error is expected.

Ok ..but, not shure to have understand correctly :-\

>> [..]
>> 
>> All you need to do here is just to allocate requested size for data + 
>> 16M for header.
>> (I have no idea why the original post tries to do is such complicated 
>> way.)
>> 
>> Also you do not need to physically write the file, sparse file 
>> creation is much
>> faster here (try sizes in GB), just run (dd can do this using seek=... 
>> option too)
>>  truncate disk.img -s 100M
>> 

Right!

>> [..]
> [..]
> 
> just run "cryptsetup luksFormat disk.img" and "cryptsetup open disk.img 
> mybackupdisk"
> 
>> [..]
>>    genisoimage -R -J -joliet-long -graft-points -V $VOL_NAME -o
>> /dev/mapper/mybackupdisk $DIR_TO_COPY
> This losetup is automatic on luksClose (so not needed) if you remove 
> explicit loop allocation above.
>> # close the device
>> cryptsetup luksClose /dev/mapper/mybackupdisk && \
>>    losetup -d /dev/loop1
> 
> This losetup is automatic on luksClose (so not needed) if you remove 
> explicit loop allocation above.
> 
> Milan
> 

Fine, nevertheless, the problem is still there!
Indeed building a DVD (or CDROM) with this procedure, obtain the same 
block error:

> Nov 19 13:56:36 localhost colord-sane: io/hpmud/pp.c 627: unable to 
> read device-id ret=-1
> Nov 19 13:57:05 localhost kernel: [ 2470.017097] device-mapper: table: 
> 253:2: len=2093055 not aligned to h/w logical block size 2048 of sr2
> Nov 19 13:57:05 localhost kernel: [ 2470.017099] device-mapper: core: 
> Cannot calculate initial queue limits
> Nov 19 13:57:05 localhost kernel: [ 2470.017102] device-mapper: ioctl: 
> unable to set up device queue for new table.
> Nov 19 13:57:05 localhost gnome-shell[2243]: Unable to mount volume 
> Volume cifrato da 1,7 GB: Gio.IOErrorEnum: Error unlocking /dev/sr2: 
> Failed to activate device: Invalid argument

What I should do for create an iso aligned to h/w logical block size? 
:-\
I've try using Gnome Shell automount and manually, same!


I'm going out crazy!! :-D


Thanks again!


Davide

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Davide Marchi]

Hi to all and excuse me for delay but lately the life seems to me more 
complicated :-D

Coming to us, I've repeat all procedure using Cryptsetup 2.3.3, with the 
same tutorial -> "http://www.sourcentral.org/luks/iso9660/" and the 
results seems the same, as you can see:

> cryptsetup --debug -r luksOpen image.iso volume1
> # cryptsetup 2.3.3 processing "cryptsetup --debug -r luksOpen image.iso 
> volume1"
> # Running command open.
> # Locking memory.
> # Installing SIGINT/SIGTERM handler.
> # Unblocking interruption on signal.
> # Allocating context for crypt device image.iso.
> # Trying to open and read device image.iso with direct-io.
> # Trying to open device image.iso without direct-io.
> # Initialising device-mapper backend library.
> # Trying to load any crypt type from device image.iso.
> # Crypto backend (OpenSSL 1.1.1f  31 Mar 2020) initialized in 
> cryptsetup library version 2.3.3.
> # Detected kernel Linux 5.8.0-25-generic x86_64.
> # Loading LUKS2 header (repair disabled).
> # Acquiring read lock for device image.iso.
> # Verifying lock handle for image.iso.
> # Device image.iso READ lock taken.
> # Trying to read primary LUKS2 header at offset 0x0.
> # Opening locked device image.iso
> # Veryfing locked device handle (regular file)
> # LUKS2 header version 2 of size 16384 bytes, checksum sha256.
> # 
> Checksum:47874913fa24493aa71dc39d3ff41d1dc1f36719eea32c2fb1b6a1aef1a09ac9 
> (on-disk)
> # 
> Checksum:47874913fa24493aa71dc39d3ff41d1dc1f36719eea32c2fb1b6a1aef1a09ac9 
> (in-memory)
> # Trying to read secondary LUKS2 header at offset 0x4000.
> # Reusing open ro fd on device image.iso
> # LUKS2 header version 2 of size 16384 bytes, checksum sha256.
> # 
> Checksum:29975a514962a03e116133c091e725a47e5b6ccb077cf6e1502a259618737297 
> (on-disk)
> # 
> Checksum:29975a514962a03e116133c091e725a47e5b6ccb077cf6e1502a259618737297 
> (in-memory)
> # Device size 16777216, offset 16777216.
> # Device image.iso READ lock released.
> # Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2.
> # PBKDF argon2i, time_ms 2000 (iterations 0), max_memory_kb 1048576, 
> parallel_threads 2.
> # Activating volume volume1 using token -1.
> # Interactive passphrase entry requested.
> Enter passphrase for image.iso:
> # Activating volume volume1 [keyslot -1] using passphrase.
> # dm version   [ opencount flush ]   [16384] (*1)
> # dm versions   [ opencount flush ]   [16384] (*1)
> # Detected dm-ioctl version 4.42.0.
> # Detected dm-crypt version 1.21.0.
> # Device-mapper backend running with UDEV support enabled.
> # dm status volume1  [ opencount noflush ]   [16384] (*1)
> # Keyslot 0 priority 1 != 2 (required), skipped.
> # Trying to open LUKS2 keyslot 0.
> # Reading keyslot area [0x8000].
> # Acquiring read lock for device image.iso.
> # Verifying lock handle for image.iso.
> # Device image.iso READ lock taken.
> # Reusing open ro fd on device image.iso
> # Device image.iso READ lock released.
> # Verifying key from keyslot 0, digest 0.
> # Loading key (64 bytes, type logon) in thread keyring.
> # dm versions   [ opencount flush ]   [16384] (*1)
> # dm status volume1  [ opencount noflush ]   [16384] (*1)
> # Allocating a free loop device.
> # Trying to open device /dev/loop6 without direct-io.
> Requested offset is beyond real size of device image.iso.
> # Requesting keyring logon key for revoke and unlink.
> # Releasing crypt device image.iso context.
> # Releasing device-mapper backend.
> # Closing read only fd for image.iso.
> # Closed loop /dev/loop6 (image.iso).
> # Unlocking memory.
> Command failed with code -1 (wrong or missing parameters).



I've not tested jet the Carlos way, but in the next days I will let you 
know:

"Carlos E. R." ha scritto:
> Hum. I created encrypted DVD years ago with a similar procedure,
> somewhat simpler. Basically, I created an empty file of the same size 
> as
> the CD or DVD, mounted it as a loop device, then I encrypted that loop
> device, and then I formatted the resulting luks device with any
> filesystem type I wished, typically XFS.
> 
> This, so far, still works.
> 
> Then I just burn that file to DVD.


and

"Milan Broz" ha scritto:
> Are you sure that your *.iso image was correctly created? It seems to 
> me that
> it is just LUKS header without data (that's why "beyond offset" error).
> 
> Milan

No I'm not sure, indeed I think it's as you say. And I think this is a 
block size problem almost certainly!


Eventually if you have any other way, maybe tested by you, for the 
creation of encrypted cdroms/cdvs, would you please me ;-)

Many thanks!


Davide

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Carlos E. R.]

[-- Attachment #1.1: Type: text/plain, Size: 1433 bytes --]

On 12/11/2020 10.36, Milan Broz wrote:
> On 11/11/2020 20:16, Carlos E. R. wrote:
>> On 10/11/2020 17.22, Davide Marchi wrote:
>>> Hi to all,
>>>
>>> I'm wondering how to create a DVD or CDROM encrypted using dm-crypt.
>>> I've followed this tutorial, with no luck:
>>> http://www.sourcentral.org/luks/iso9660/
>>>
>>> and the DVD or cdrom created cannot be activated:
>>
>> Hum. I created encrypted DVD years ago with a similar procedure,
>> somewhat simpler. Basically, I created an empty file of the same size as
>> the CD or DVD, mounted it as a loop device, then I encrypted that loop
>> device, and then I formatted the resulting luks device with any
>> filesystem type I wished, typically XFS.
>>
>> This, so far, still works.
>>
>> Then I just burn that file to DVD.
>>
>> The final step is to mount and decipher the DVD - and this step failed,
>> but it was an XFS error if I remember correctly.
> 
> You cannot switch block size in XFS - if DVD reports 2k block and XFS
> was formatted with 4k block device, it will never work.

It worked several years ago, I have dozens of DVDs made this way.


> This is not a cryptsetup problem but the way how XFS works.
> 
> Try to run lsblk -t and compare reported sector size for DVD device and your
> original device. If it is the same, it should work even for XFS.

-- 
Cheers / Saludos,

		Carlos E. R.
		(from 15.1 x86_64 at Telcontar)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Milan Broz]

On 11/11/2020 20:16, Carlos E. R. wrote:
> On 10/11/2020 17.22, Davide Marchi wrote:
>> Hi to all,
>>
>> I'm wondering how to create a DVD or CDROM encrypted using dm-crypt.
>> I've followed this tutorial, with no luck: 
>> http://www.sourcentral.org/luks/iso9660/
>>
>> and the DVD or cdrom created cannot be activated:
> 
> Hum. I created encrypted DVD years ago with a similar procedure, 
> somewhat simpler. Basically, I created an empty file of the same size as 
> the CD or DVD, mounted it as a loop device, then I encrypted that loop 
> device, and then I formatted the resulting luks device with any 
> filesystem type I wished, typically XFS.
> 
> This, so far, still works.
> 
> Then I just burn that file to DVD.
> 
> The final step is to mount and decipher the DVD - and this step failed, 
> but it was an XFS error if I remember correctly.

You cannot switch block size in XFS - if DVD reports 2k block and XFS
was formatted with 4k block device, it will never work.

This is not a cryptsetup problem but the way how XFS works.

Try to run lsblk -t and compare reported sector size for DVD device and your
original device. If it is the same, it should work even for XFS.

Milan

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Milan Broz]

On 10/11/2020 17:22, Davide Marchi wrote:
> Hi to all,
> 
> I'm wondering how to create a DVD or CDROM encrypted using dm-crypt.
> I've followed this tutorial, with no luck: 
> http://www.sourcentral.org/luks/iso9660/
> 
> and the DVD or cdrom created cannot be activated:
...
>      Comando non riuscito con codice -1 (parametri errati o mancanti).
> 
> 
> 
> and also the iso not dockable to the loopback device:
> 
>      #cryptsetup -r luksOpen /dev/loop20 volume1
>      #The required offset is beyond the actual size of the /dev/loop20 
> device
> 
> Could you give me a tips for make it working?

While the page you linked is quite old, it still works (I tried 2.0.2 version even).
(Loop devices are now allocated automatically, no need to use losetup with cryptsetup,
just use file as the argument. THe size calculation is too tricky there, it can be simplified.).

Are you sure that your *.iso image was correctly created? It seems to me that
it is just LUKS header without data (that's why "beyond offset" error).

Milan

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Carlos E. R.]

[-- Attachment #1.1: Type: text/plain, Size: 1011 bytes --]

On 10/11/2020 17.22, Davide Marchi wrote:
> Hi to all,
> 
> I'm wondering how to create a DVD or CDROM encrypted using dm-crypt.
> I've followed this tutorial, with no luck: 
> http://www.sourcentral.org/luks/iso9660/
> 
> and the DVD or cdrom created cannot be activated:

Hum. I created encrypted DVD years ago with a similar procedure, 
somewhat simpler. Basically, I created an empty file of the same size as 
the CD or DVD, mounted it as a loop device, then I encrypted that loop 
device, and then I formatted the resulting luks device with any 
filesystem type I wished, typically XFS.

This, so far, still works.

Then I just burn that file to DVD.

The final step is to mount and decipher the DVD - and this step failed, 
but it was an XFS error if I remember correctly.

I can fish out the precise instructions if you are interested, and find 
out the actual error. I have a bugzilla stuck on it.

-- 
Cheers / Saludos,

		Carlos E. R.
		(from 15.1 x86_64 at Telcontar)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [dm-crypt] Encrypting DVD or CDROM from iso

[Ondrej Kozina]

On 11/10/20 5:22 PM, Davide Marchi wrote:
> Hi to all,
> 
> I'm wondering how to create a DVD or CDROM encrypted using dm-crypt.
> I've followed this tutorial, with no luck:
> http://www.sourcentral.org/luks/iso9660/
> 
> and the DVD or cdrom created cannot be activated:
> 
> 
> 
>       cryptsetup --debug -r luksOpen /dev/sr1 dvdati
>       # cryptsetup 2.0.2 processing "cryptsetup --debug -r luksOpen

Hi,

could you try to reproduce it on more up to date cryptsetup release? 
Version 2.0.2 is quite old and may contain bugs already fixed in current 
upstream.


Regards O.

> /dev/sr1 dvdati"
>       # Running command open.
>       # Locking memory.
>       # Installing SIGINT/SIGTERM handler.
>       # Unblocking interruption on signal.
>       # Allocating context for crypt device /dev/sr1.
>       # Trying to open and read device /dev/sr1 with direct-io.
>       # Initialising device-mapper backend library.
>       # Trying to load any crypt type from device /dev/sr1.
>       # Crypto backend (gcrypt 1.8.1) initialized in cryptsetup library
> version 2.0.2.
>       # Detected kernel Linux 5.3.1-050301-lowlatency x86_64.
>       # PBKDF pbkdf2, hash sha256, time_ms 2000 (iterations 0),
> max_memory_kb 0, parallel_threads 0.
>       # Reading LUKS header of size 1024 from device /dev/sr1
>       # Key length 32, device size 2097151 sectors, header size 2050
> sectors.
>       # Activating volume dvdati using token -1.
>       # Interactive passphrase entry requested.
>       Inserire la passphrase per /dev/sr1:
>       # Activating volume dvdati [keyslot -1] using passphrase.
>       # dm version   [ opencount flush ]   [16384] (*1)
>       # dm versions   [ opencount flush ]   [16384] (*1)
>       # Detected dm-ioctl version 4.40.0.
>       # Detected dm-crypt version 1.19.0.
>       # Device-mapper backend running with UDEV support enabled.
>       # dm status dvdati  [ opencount flush ]   [16384] (*1)
>       # Trying to open key slot 0 [ACTIVE_LAST].
>       # Reading key slot 0 area.
>       # Using userspace crypto wrapper to access keyslot area.
>       Slot di chiave 0 sbloccato.
>       # Calculated device size is 2093055 sectors (RW), offset 4096.
>       # DM-UUID is CRYPT-LUKS1-fc00404de1784730ae9492929a0db06c-dvdati
>       # Udev cookie 0xd4d0652 (semid 10) created
>       # Udev cookie 0xd4d0652 (semid 10) incremented to 1
>       # Udev cookie 0xd4d0652 (semid 10) incremented to 2
>       # Udev cookie 0xd4d0652 (semid 10) assigned to CREATE task(0) with
> flags DISABLE_LIBRARY_FALLBACK         (0x20)
>       # dm create dvdati
> CRYPT-LUKS1-fc00404de1784730ae9492929a0db06c-dvdati [ opencount flush ]
>    [16384] (*1)
>       # dm reload dvdati  [ opencount flush readonly securedata ]
> [16384] (*1)
>       device-mapper: reload ioctl on   failed: Argomento non valido
>       # Udev cookie 0xd4d0652 (semid 10) decremented to 1
>       # Udev cookie 0xd4d0652 (semid 10) incremented to 2
>       # Udev cookie 0xd4d0652 (semid 10) assigned to REMOVE task(2) with
> flags DISABLE_LIBRARY_FALLBACK         (0x20)
>       # dm remove dvdati  [ opencount flush readonly securedata ]
> [16384] (*1)
>       # Udev cookie 0xd4d0652 (semid 10) decremented to 1
>       # Udev cookie 0xd4d0652 (semid 10) waiting for zero
>       # Udev cookie 0xd4d0652 (semid 10) destroyed
>       # Releasing crypt device /dev/sr1 context.
>       # Releasing device-mapper backend.
>       # Unlocking memory.
>       Comando non riuscito con codice -1 (parametri errati o mancanti).
> 
> 
> 
> and also the iso not dockable to the loopback device:
> 
>       #cryptsetup -r luksOpen /dev/loop20 volume1
>       #The required offset is beyond the actual size of the /dev/loop20
> device
> 
> 
> 
> 
> Could you give me a tips for make it working?
> 
> 
> Many thanks!
> 
> 
> Davide
> 
> 
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt
> 

[dm-crypt] Encrypting DVD or CDROM from iso

[Davide Marchi]

Hi to all,

I'm wondering how to create a DVD or CDROM encrypted using dm-crypt.
I've followed this tutorial, with no luck: 
http://www.sourcentral.org/luks/iso9660/

and the DVD or cdrom created cannot be activated:



     cryptsetup --debug -r luksOpen /dev/sr1 dvdati
     # cryptsetup 2.0.2 processing "cryptsetup --debug -r luksOpen 
/dev/sr1 dvdati"
     # Running command open.
     # Locking memory.
     # Installing SIGINT/SIGTERM handler.
     # Unblocking interruption on signal.
     # Allocating context for crypt device /dev/sr1.
     # Trying to open and read device /dev/sr1 with direct-io.
     # Initialising device-mapper backend library.
     # Trying to load any crypt type from device /dev/sr1.
     # Crypto backend (gcrypt 1.8.1) initialized in cryptsetup library 
version 2.0.2.
     # Detected kernel Linux 5.3.1-050301-lowlatency x86_64.
     # PBKDF pbkdf2, hash sha256, time_ms 2000 (iterations 0), 
max_memory_kb 0, parallel_threads 0.
     # Reading LUKS header of size 1024 from device /dev/sr1
     # Key length 32, device size 2097151 sectors, header size 2050 
sectors.
     # Activating volume dvdati using token -1.
     # Interactive passphrase entry requested.
     Inserire la passphrase per /dev/sr1:
     # Activating volume dvdati [keyslot -1] using passphrase.
     # dm version   [ opencount flush ]   [16384] (*1)
     # dm versions   [ opencount flush ]   [16384] (*1)
     # Detected dm-ioctl version 4.40.0.
     # Detected dm-crypt version 1.19.0.
     # Device-mapper backend running with UDEV support enabled.
     # dm status dvdati  [ opencount flush ]   [16384] (*1)
     # Trying to open key slot 0 [ACTIVE_LAST].
     # Reading key slot 0 area.
     # Using userspace crypto wrapper to access keyslot area.
     Slot di chiave 0 sbloccato.
     # Calculated device size is 2093055 sectors (RW), offset 4096.
     # DM-UUID is CRYPT-LUKS1-fc00404de1784730ae9492929a0db06c-dvdati
     # Udev cookie 0xd4d0652 (semid 10) created
     # Udev cookie 0xd4d0652 (semid 10) incremented to 1
     # Udev cookie 0xd4d0652 (semid 10) incremented to 2
     # Udev cookie 0xd4d0652 (semid 10) assigned to CREATE task(0) with 
flags DISABLE_LIBRARY_FALLBACK         (0x20)
     # dm create dvdati 
CRYPT-LUKS1-fc00404de1784730ae9492929a0db06c-dvdati [ opencount flush ]  
  [16384] (*1)
     # dm reload dvdati  [ opencount flush readonly securedata ]   
[16384] (*1)
     device-mapper: reload ioctl on   failed: Argomento non valido
     # Udev cookie 0xd4d0652 (semid 10) decremented to 1
     # Udev cookie 0xd4d0652 (semid 10) incremented to 2
     # Udev cookie 0xd4d0652 (semid 10) assigned to REMOVE task(2) with 
flags DISABLE_LIBRARY_FALLBACK         (0x20)
     # dm remove dvdati  [ opencount flush readonly securedata ]   
[16384] (*1)
     # Udev cookie 0xd4d0652 (semid 10) decremented to 1
     # Udev cookie 0xd4d0652 (semid 10) waiting for zero
     # Udev cookie 0xd4d0652 (semid 10) destroyed
     # Releasing crypt device /dev/sr1 context.
     # Releasing device-mapper backend.
     # Unlocking memory.
     Comando non riuscito con codice -1 (parametri errati o mancanti).



and also the iso not dockable to the loopback device:

     #cryptsetup -r luksOpen /dev/loop20 volume1
     #The required offset is beyond the actual size of the /dev/loop20 
device




Could you give me a tips for make it working?


Many thanks!


Davide