From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ZUhedz3lcYL3 for <dm-crypt@saout.de>;
 Mon,  2 Apr 2012 09:47:58 +0200 (CEST)
Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Mon,  2 Apr 2012 09:47:58 +0200 (CEST)
Received: from gatewagner.dyndns.org (84-74-163-71.dclient.hispeed.ch
 [84.74.163.71]) by v4.tansi.org (Postfix) with ESMTPA id E05A520554E
 for <dm-crypt@saout.de>; Mon,  2 Apr 2012 09:47:57 +0200 (CEST)
Date: Mon, 2 Apr 2012 09:47:57 +0200
From: Arno Wagner <arno@wagner.name>
Message-ID: <20120402074757.GA9613@tansi.org>
References: <CAFnMBaSPn6p_jLcgJOQ_D=STpJrwRap6qorCcenH7ez+bGmPiQ@mail.gmail.com>
 <CAFnMBaR24NYrMLh2M+jskXfUSAJSsmwh3CvA=aR_Tkpkd6Sw=w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAFnMBaR24NYrMLh2M+jskXfUSAJSsmwh3CvA=aR_Tkpkd6Sw=w@mail.gmail.com>
Subject: Re: [dm-crypt] about invalid key slots
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Mon, Apr 02, 2012 at 01:43:28AM -0400, .. ink .. wrote:
> On Sun, Apr 1, 2012 at 8:41 PM, .. ink .. <mhogomchungu@gmail.com> wrote:
> 
> > > $ sudo cryptsetup luksOpen /dev/sdc dsk
> > > LUKS keyslot 6 is invalid.
> > > LUKS keyslot 7 is invalid.
> >
> > A user with a problem with invalid key slots had the above in one of the
> > recent mailing list post.
> >
> > Does cryptsetup check all slots if they are valid before it tries to open
> > a volume and bail out when it finds an invalid one or does it give the
> > above error if it cant get a valid key on on valid key slots?
> >
> > example, if a valid slot was on slot number 1 and he entered a passphrase
> > that is on slot number 1.Would he have got the same error message?
> >
> > did cryptsetup went through all the valid keyslots, didnt find the key and
> > suspect that the key might be on the two invalid slots and reported the
> > error?
> >
> >
> >
> is it possible to get or how can i create a volume with an invalid key? i
> would lik3 to test this for my program zulucrypt but i cant seem to manage
> to corrupt a volume. The best i have got after trying for hours is
> inconsistency at best.
> 
> crypt_keyslot_status API shows the key is invalid but cryptsetup luksDump
> shown the key slot as disabled and cryptsetup executable just says the
> password does not exist when trying to open the volume with the a key in
> slot i try to make invalid

As far as I understand Milan, this is not the keyslot being
invalid, but its offset and/or size, i.e. the keyslot descriptor
in the header has been corrupted.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell