Re: [dm-crypt] luksAddKey successful but not working

From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] luksAddKey successful but not working
Date: Fri, 31 May 2013 17:53:44 +0200	[thread overview]
Message-ID: <20130531155344.GA26327@tansi.org> (raw)
In-Reply-To: <CACv9p5pGqstX3=7En1RKALW3_2O5+hVeY+B8jPBDe5RPSQfAyg@mail.gmail.com>

Hi Leam,

On Fri, May 31, 2013 at 10:55:33AM -0400, leam hall wrote:
> Okay, progress. And yeah, I dwaddled on reading the FAQ.  :(

It is a bit complex by now. Maybe I will feel bored some day
and make it a proper manual. 

> I think this works, the volume mounts on boot. However, if I use isLuks on
> the /dev/mapper/<volume> it is not. If I use it on the underlying
> partition  (/dev/sdc1) it gives no response and "echo $?" gives a 0.

Add a '-v' to get a human-readable output from isLuks.
But, yes, "0" is "success" as by normal Unix exit-code
conventions.

> So, am I correct in thinking that the volume is LUKS encrypted? How would
> you actually test that? I'm only at 2.8 on the FAQ.  :)

Yes.  

Arno

> Leam
> 
> 
> 
> On Fri, May 31, 2013 at 10:09 AM, leam hall <leamhall@gmail.com> wrote:
> 
> > I can build a new box without an encrypted volume, build the volume, and
> > have the server ask for the password on boot. What is currently failing is
> > reading the keyfile so that it doesn't ask for a password. What part of the
> > program/process deals with that?
> >
> > Thanks!
> >
> > Leam
> >
> >
> > On Wed, May 22, 2013 at 11:36 AM, leam hall <leamhall@gmail.com> wrote:
> >
> >> I have a support ticket with RH open now. So far I am not sure it is a
> >> bug. It may well just be my misunderstanding. If it does turn out to be a
> >> bug I will file it.
> >>
> >> Thanks!
> >>
> >> Leam
> >>
> >>
> >> On Wed, May 22, 2013 at 11:28 AM, Milan Broz <gmazyland@gmail.com> wrote:
> >>
> >>> On 05/22/2013 04:33 PM, Arno Wagner wrote:
> >>> > A look into the man-page of cryptsetup shows that luksAddKey does
> >>> > not write the key-file, but reads it. I am surprised though that
> >>> > cryptsetup does not complain that the file is missing. With my
> >>> > system (cryptsetup 1.6.0) it does:
> >>> >
> >>> > # cryptsetup luksAddKey /dev/loop0 keyfile
> >>> > Enter any passphrase:
> >>> > Failed to open key file.    <---
> >>> > #
> >>>
> >>> RHEL5 has very old cryptsetup (based on 1.0.3 version) and it is
> >>> impossible
> >>> to rebase there to a new version.
> >>> You can create a bug requesting to fix this issue in RH bugzilla
> >>> though...
> >>>
> >>> Milan
> >>> _______________________________________________
> >>> dm-crypt mailing list
> >>> dm-crypt@saout.de
> >>> http://www.saout.de/mailman/listinfo/dm-crypt
> >>>
> >>
> >>
> >>
> >> --
> >> Mind on a Mission <http://leamhall.blogspot.com/>
> >>
> >
> >
> >
> > --
> > Mind on a Mission <http://leamhall.blogspot.com/>
> >
> 
> 
> 
> -- 
> Mind on a Mission <http://leamhall.blogspot.com/>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare