* [dm-crypt] json help
       [not found] <1572027243.1491001.1628775257558.ref@mail.yahoo.com>
@ 2021-08-12 13:34 ` JT Morée
  2021-08-12 16:25   ` [dm-crypt] " Milan Broz
  0 siblings, 1 reply; 7+ messages in thread
From: JT Morée @ 2021-08-12 13:34 UTC (permalink / raw)
  To: Dm-crypt Mail List

Hello,

I am back to working with json data now that 2.4.0 is closer to release. I am using source cloned from gitlab to get the latest features but am not able to get some commands to work.

If I'm reading the latest man page properly these commands should import json data into the header but it always fails for me.

$ echo '{ "foo" : "bar" }' |  cryptsetup token import /dev/sdb2 --key-slot 1
Failed to import token from file.

$ echo '{ "foo": "bar" }' > test.json
$ cryptsetup token import /dev/sdb2 --key-slot 1 --json-file ./test.json
Failed to import token from file.
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de


* [dm-crypt] Re: json help
  2021-08-12 13:34 ` [dm-crypt] json help JT Morée
@ 2021-08-12 16:25   ` Milan Broz
  2021-08-16 12:35     ` JT Morée
  0 siblings, 1 reply; 7+ messages in thread
From: Milan Broz @ 2021-08-12 16:25 UTC (permalink / raw)
  To: JT Morée, Dm-crypt Mail List

On 12/08/2021 15:34, JT Morée wrote:
> I am back to working with json data now that 2.4.0 is closer to
> release. I am using source cloned from gitlab to get the latest
> features but am not able to get some commands to work.

The JSON format is defined in the LUKS2 doc; there is no change in 2.4.0, we are just
adding an API for an external shared library.
 
> If I'm reading the latest man page properly these commands should
> import json data into the header but it always fails for me.

Yes, but also read the LUKS2 specification (in /docs), section 3.6, which describes the token object.

While it can store arbitrary JSON metadata, there are mandatory fields (type, keyslots array).

If you are using the direct JSON API (token import), these fields must be present.

Try

  echo '{ "type" : "blah" , "keyslots" : [ ], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb --key-slot 0

Type is your name for this token type; keyslots is then assigned according to the parameters on the command line.

Also if something fails, try --debug, in your case:

...
# STDIN descriptor JSON read requested.
# Updating JSON for token -1.
# Token "0" is missing "type" (string) specification.
Failed to import token from file.

So it should give you a hint.

Milan

* [dm-crypt] Re: json help
  2021-08-12 16:25   ` [dm-crypt] " Milan Broz
@ 2021-08-16 12:35     ` JT Morée
  2021-08-16 12:49       ` Ondrej Kozina
  2021-08-16 13:19       ` Ondrej Kozina
  0 siblings, 2 replies; 7+ messages in thread
From: JT Morée @ 2021-08-16 12:35 UTC (permalink / raw)
  To: Dm-crypt Mail List

Ah yes. The PDF. I forgot about that doc too.

Based on the luks2 spec and your examples I am importing/exporting token data but finding it non-intuitive and inconsistent.

I have two keyslots for device /dev/sdb2 and I'm trying to assign the tokens to keyslot 1.  I can assign to all keyslots or to keyslot 0 but NOT keyslot 1.  

Here is the short output.  Debug doesn't give me any useful information but I'll post some for the last two commands.

$ echo '{ "type" : "blah" , "keyslots" : [], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1
Failed to assign token 0 to keyslot 1.
$ echo '{ "type" : "blah" , "keyslots" : [ ], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1
Failed to assign token 0 to keyslot 1.
$ echo '{ "type" : "blah" , "keyslots" : [1], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2
Failed to import token from file.
$ echo '{ "type" : "blah" , "keyslots" : [1], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1
Failed to import token from file.
$ echo '{ "type" : "blah" , "keyslots" : [], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 0
$ echo '{ "type" : "blah" , "keyslots" : [], "foo0" : "bar0" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 0
$ echo '{ "type" : "blah" , "keyslots" : [], "all" : "all" }' |  ./cryptsetup token import /dev/sdb2
$ echo '{ "type" : "blah" , "keyslots" : [], "all" : "1" }' |  ./cryptsetup token import /dev/sdb2
$ echo '{ "type" : "blah" , "keyslots" : [], "all" : "2" }' |  ./cryptsetup token import /dev/sdb2
$ echo '{ "type" : "blah" , "keyslots" : [], "all" : "3" }' |  ./cryptsetup token import /dev/sdb2
$ cryptsetup luksDump /dev/sdb2 --debug-json
...
"tokens":{
   "0":{
     "type":"blah",
     "keyslots":[
       "0"
     ],
     "foo":"bar"
   },
   "1":{
     "type":"blah",
     "keyslots":[
       "0"
     ],
     "foo0":"bar0"
   },
   "2":{
     "type":"blah",
     "keyslots":[
     ],
     "all":"all"
   },
 },
...


$ echo '{ "type" : "blah" , "keyslots" : [], "key1" : "does not work" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
# cryptsetup 2.4.0-rc1 processing "/home/jt/local/cryptsetup/cryptsetup.jt/.libs/cryptsetup token import /dev/sdb2 --key-slot 1 --debug"
# Running command token.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdb2.
# Trying to open and read device /dev/sdb2 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS2 crypt type from device /dev/sdb2.
# Crypto backend (OpenSSL 1.1.1j  16 Feb 2021) initialized in cryptsetup library version 2.4.0-rc1.
# Detected kernel Linux 5.11.0-25-generic x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sdb2
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:57e4caf994053134277ddb302b8d729fb8818d14bcf6eeecefb05cdffec8407f (on-disk)
# Checksum:57e4caf994053134277ddb302b8d729fb8818d14bcf6eeecefb05cdffec8407f (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sdb2
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:c3b853e230c1cc786bc6b95cb40650b89b6060bba018d39beb89a26d43eb8af2 (on-disk)
# Checksum:c3b853e230c1cc786bc6b95cb40650b89b6060bba018d39beb89a26d43eb8af2 (in-memory)
# Device size 1907359744, offset 16777216.
# Device /dev/sdb2 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# STDIN descriptor JSON read requested.
# Updating JSON for token -1.
# Trying to load /usr/lib/cryptsetup/libcryptsetup-token-blah.so.
# /usr/lib/cryptsetup/libcryptsetup-token-blah.so: cannot open shared object file: No such file or directory
# Device size 1907359744, offset 16777216.
# Acquiring write lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sdb2
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Opening locked device /dev/sdb2
# Veryfing locked device handle (bdev)
# Checksum:d5b36f9571c82d4ea76e086e1e16934c2ef99b953d171f6ffbf3ae3e7c47bba3 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sdb2
# Checksum:75aa1286798a9d47acbdf6cf7b67c3b6a3e7af748624bdca64ad222d7e954e4f (in-memory)
# Device /dev/sdb2 WRITE lock released.
# Keyslot 1 assigned to token 6.
# Keyslots section "" is missing "1" (object) specification.
Failed to assign token 6 to keyslot 1.
# Updating JSON for token 6.
# Device size 1907359744, offset 16777216.
# Acquiring write lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sdb2
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/sdb2
# Checksum:29f1ecbb169f48d69be0ae5b2c8a3cfc42d8d25bf0853dcd3119eb27faa6a568 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sdb2
# Checksum:b20770ce7233f9d53f39f863d160f4f511088f860e30502c03a48574da981212 (in-memory)
# Device /dev/sdb2 WRITE lock released.
# Releasing crypt device /dev/sdb2 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/sdb2.
# Closing read write fd for /dev/sdb2.
Command failed with code -1 (wrong or missing parameters).


$ echo '{ "type" : "blah" , "keyslots" : [1], "key1" : "does not work" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
# cryptsetup 2.4.0-rc1 processing "/home/jt/local/cryptsetup/cryptsetup.jt/.libs/cryptsetup token import /dev/sdb2 --key-slot 1 --debug"
# Running command token.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdb2.
# Trying to open and read device /dev/sdb2 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS2 crypt type from device /dev/sdb2.
# Crypto backend (OpenSSL 1.1.1j  16 Feb 2021) initialized in cryptsetup library version 2.4.0-rc1.
# Detected kernel Linux 5.11.0-25-generic x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sdb2
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:29f1ecbb169f48d69be0ae5b2c8a3cfc42d8d25bf0853dcd3119eb27faa6a568 (on-disk)
# Checksum:29f1ecbb169f48d69be0ae5b2c8a3cfc42d8d25bf0853dcd3119eb27faa6a568 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sdb2
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:b20770ce7233f9d53f39f863d160f4f511088f860e30502c03a48574da981212 (on-disk)
# Checksum:b20770ce7233f9d53f39f863d160f4f511088f860e30502c03a48574da981212 (in-memory)
# Device size 1907359744, offset 16777216.
# Device /dev/sdb2 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# STDIN descriptor JSON read requested.
# Updating JSON for token -1.
# Illegal value type in keyslots array at index 0.
Failed to import token from file.
# Releasing crypt device /dev/sdb2 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/sdb2.
Command failed with code -1 (wrong or missing parameters).




--
JT


* [dm-crypt] Re: json help
  2021-08-16 12:35     ` JT Morée
@ 2021-08-16 12:49       ` Ondrej Kozina
  2021-08-16 13:19       ` Ondrej Kozina
  1 sibling, 0 replies; 7+ messages in thread
From: Ondrej Kozina @ 2021-08-16 12:49 UTC (permalink / raw)
  To: Dm-crypt Mail List; +Cc: JT Morée

On 8/16/21 2:35 PM, JT Morée wrote:
> 
> $ echo '{ "type" : "blah" , "keyslots" : [], "key1" : "does not work" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
> (...)
> # Keyslot 1 assigned to token 6.
> # Keyslots section "" is missing "1" (object) specification.
> Failed to assign token 6 to keyslot 1.
> (...)
> Command failed with code -1 (wrong or missing parameters).

This one is interesting, let me check that. It may be a bug.

> 
> 
> $ echo '{ "type" : "blah" , "keyslots" : [1], "key1" : "does not work" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
(...)
> # Updating JSON for token -1.
> # Illegal value type in keyslots array at index 0.
> Failed to import token from file.
> # Releasing crypt device /dev/sdb2 context.
> # Releasing device-mapper backend.
> # Closing read only fd for /dev/sdb2.
> Command failed with code -1 (wrong or missing parameters).

Elements in the "keyslots" array have to be of string type. So try
"keyslots" : [ "1" ] instead.

Regards O.


* [dm-crypt] Re: json help
  2021-08-16 12:35     ` JT Morée
  2021-08-16 12:49       ` Ondrej Kozina
@ 2021-08-16 13:19       ` Ondrej Kozina
  2021-08-20 13:46         ` JT Morée
  1 sibling, 1 reply; 7+ messages in thread
From: Ondrej Kozina @ 2021-08-16 13:19 UTC (permalink / raw)
  To: Dm-crypt Mail List; +Cc: JT Morée

On 8/16/21 2:35 PM, JT Morée wrote:
> 
> $ echo '{ "type" : "blah" , "keyslots" : [], "key1" : "does not work" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
> (...)
> # Keyslot 1 assigned to token 6.
> # Keyslots section "" is missing "1" (object) specification.
> Failed to assign token 6 to keyslot 1.
> (...)
> Command failed with code -1 (wrong or missing parameters).
> 

Actually, this is not a bug. It seems that keyslot 1 does not exist in
the LUKS2 metadata in this very example:

> # Keyslots section "" is missing "1" (object) specification.

The quote above comes from validation code that checks whether all assigned
keyslots in the token object actually exist (in this example the keyslot is
being added via the --key-slot cli parameter).

If you can reproduce the failure again, please open an issue on gitlab with
the following command outputs again:

cryptsetup luksDump /dev/sda2 --debug-json
- and -
echo '{ "type" : "blah" , "keyslots" : [], "key1" : "does not work" }' | ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug

Thank you
O.
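
A pre-flight check for the three failures seen in this thread (missing mandatory fields, a non-string element in "keyslots", and assignment to a keyslot that is absent from the header), as an added example that is not part of the original messages and is not cryptsetup code. The name `check_token`, the `key_slot` parameter and the abbreviated `SAMPLE_HEADER` are assumptions; the caller is assumed to have extracted the header's JSON metadata object already.

```python
import json

# Constructed, abbreviated LUKS2 metadata: only keyslot "0" exists, as on the
# recreated device in the thread. Real keyslot objects carry more fields.
SAMPLE_HEADER = '{"keyslots": {"0": {"type": "luks2"}}, "tokens": {}}'


def check_token(token_json, header_json, key_slot=None):
    """List the problems that would make a token import fail.

    token_json  -- the text piped to `cryptsetup token import`
    header_json -- the header's JSON metadata object, as text
    key_slot    -- value of --key-slot, or None when the option is absent
    """
    try:
        token = json.loads(token_json)
    except json.JSONDecodeError as exc:
        return [f"token is not valid JSON: {exc}"]
    if not isinstance(token, dict):
        return ["token must be a JSON object"]

    problems = []

    # Mandatory fields: "type" (string) and "keyslots" (array).
    if not isinstance(token.get("type"), str):
        problems.append('missing "type" (string)')
    slots = token.get("keyslots")
    if not isinstance(slots, list):
        problems.append('missing "keyslots" (array)')
        slots = []

    # Elements of "keyslots" must be strings: ["1"], not [1].
    assigned = []
    for index, slot in enumerate(slots):
        if isinstance(slot, str):
            assigned.append(slot)
        else:
            problems.append(
                f"keyslots[{index}] is {type(slot).__name__}, must be a string"
            )

    # --key-slot N adds keyslot N to the token's assignment.
    if key_slot is not None:
        assigned.append(str(key_slot))

    # Every assigned keyslot must exist in the header's "keyslots" section.
    existing = json.loads(header_json).get("keyslots", {})
    for slot in dict.fromkeys(assigned):  # de-duplicate, keep order
        if slot not in existing:
            problems.append(f'keyslot "{slot}" does not exist in the header')
    return problems


if __name__ == "__main__":
    cases = [
        ('{ "foo" : "bar" }', 1),
        ('{ "type" : "blah" , "keyslots" : [1], "foo" : "bar" }', None),
        ('{ "type" : "blah" , "keyslots" : [], "foo" : "bar" }', 1),
        ('{ "type" : "blah" , "keyslots" : [], "foo" : "bar" }', 0),
    ]
    for text, slot in cases:
        print(text, "--key-slot", slot, "->", check_token(text, SAMPLE_HEADER, slot) or "ok")
```
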


* [dm-crypt] Re: json help
  2021-08-16 13:19       ` Ondrej Kozina
@ 2021-08-20 13:46         ` JT Morée
  2021-08-23 12:54           ` Ondrej Kozina
  0 siblings, 1 reply; 7+ messages in thread
From: JT Morée @ 2021-08-20 13:46 UTC (permalink / raw)
  To: Dm-crypt Mail List


On Monday, August 16, 2021, 06:21:06 AM MST, Ondrej Kozina <okozina@redhat.com> wrote: 

>> Actually, this is not a bug. It seems the keyslot 1 does not exist in 

Yes, thank you.  In testing I forgot that I had recreated the device which wiped out the second keyslot.  I now have a working example and have documented what I'm doing to integrate gpg smartcards with LUKS.

https://sites.google.com/site/jtmoree/knowledge-base/cryptsetup-luks-and-smart-cards?authuser=0

* [dm-crypt] Re: json help
  2021-08-20 13:46         ` JT Morée
@ 2021-08-23 12:54           ` Ondrej Kozina
  0 siblings, 0 replies; 7+ messages in thread
From: Ondrej Kozina @ 2021-08-23 12:54 UTC (permalink / raw)
  To: Dm-crypt Mail List; +Cc: JT Morée

On 8/20/21 3:46 PM, JT Morée wrote:
> 
> On Monday, August 16, 2021, 06:21:06 AM MST, Ondrej Kozina <okozina@redhat.com> wrote:
> 
>>> Actually, this is not a bug. It seems the keyslot 1 does not exist in
> 
> Yes, thank you.  In testing I forgot that I had recreated the device which wiped out the second keyslot.  I now have a working example and have documented what I'm doing to integrate gpg smartcards with LUKS.

Thanks for confirming it. I've opened a PR to make the mistake more
obvious the next time anyone is hit by it:
https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/208

O.

> 
> https://sites.google.com/site/jtmoree/knowledge-base/cryptsetup-luks-and-smart-cards?authuser=0
> _______________________________________________
> dm-crypt mailing list -- dm-crypt@saout.de
> To unsubscribe send an email to dm-crypt-leave@saout.de
> 
