* [dm-crypt] No key available with this passphrase.
@ 2014-06-10 16:37 Ryan Delaney
2014-06-11 3:53 ` Arno Wagner
0 siblings, 1 reply; 10+ messages in thread
From: Ryan Delaney @ 2014-06-10 16:37 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 3272 bytes --]
Hello,
I have a RAID5 array composed of three (3x3GB) disks:
> $ sudo mdadm --misc --detail /dev/md0
> /dev/md0:
> Version : 1.2
> Creation Time : Tue Nov 13 16:54:29 2012
> Raid Level : raid5
> Array Size : 5860268032 (5588.79 GiB 6000.91 GB)
> Used Dev Size : 2930134016 (2794.39 GiB 3000.46 GB)
> Raid Devices : 3
> Total Devices : 3
> Persistence : Superblock is persistent
>
> Update Time : Tue Jun 10 08:08:15 2014
> State : clean
> Active Devices : 3
>Working Devices : 3
> Failed Devices : 0
> Spare Devices : 0
>
> Layout : left-symmetric
> Chunk Size : 512K
>
> Name : mothership:0 (local to host mothership)
> UUID : 02aff219:f7f6840c:9aaf506f:1ce273b0
> Events : 58
>
> Number Major Minor RaidDevice State
> 0 8 65 0 active sync /dev/sde1
> 1 8 81 1 active sync /dev/sdf1
> 3 8 97 2 active sync /dev/sdg1
There are two partitions on the disk. md0p1 is 500gb and I use it to store
encrypted data. md0p2 uses the remaining 5.5GB for non-secure long term
storage.
On June 1, I migrated from truecrypt and created a new volume on md0p1. From
journalctl:
> sudo /usr/bin/cryptsetup -v luksFormat /dev/md0p1
> sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> sudo /usr/bin/mkfs -t ext4 /dev/mapper/crypt
> sudo /usr/bin/mount /dev/mapper/crypt /media/crypt
It was initialized with a passphrase that I have stored in a gpg encrypted
file. I worked with the volume open for about a day and copied data into it without
any issue. Satisfied, I uninstalled truecrypt.
Shortly thereafter, kernel updates, systemd, and various others were pulled
through the archlinux core repository. Pacman update log: http://sprunge.us/KLJL
After applying these updates, I rebooted the system. I find myself unable to
open the partition with cryptsetup:
> $ sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> Enter passphrase for /dev/md0p1:
> No key available with this passphrase.
> Enter passphrase for /dev/md0p1:
Output of luksDump:
> LUKS header information for /dev/md0p1
>
>Version: 1
>Cipher name: aes
>Cipher mode: xts-plain64
>Hash spec: sha1
>Payload offset: 4096
>MK bits: 256
>MK digest: ef 1e 13 6f 79 2a bd 0e 09 81 ae d9 3d 61 68 c9 42 ad 67 25
>MK salt: 8d d1 4c 5b b8 76 12 43 fd 62 b3 e8 0e 70 6e 85
> fd c6 56 30 84 dd c0 d7 87 45 1a ab 3d 02 39 4e
>MK iterations: 99500
>UUID: e2aa27d7-d0bf-469a-ad77-0c197a3f2d70
>
>Key Slot 0: ENABLED
> Iterations: 419671
> Salt: 5c db 57 29 7e 15 fc f7 64 95 c0 78 31 15 08 7d
> cd 55 a2 f5 39 ba 5f 51 9c 0b 09 c5 a2 51 84 f1
> Key material offset: 8
> AF stripes: 4000
>Key Slot 1: DISABLED
>Key Slot 2: DISABLED
>Key Slot 3: DISABLED
>Key Slot 4: DISABLED
>Key Slot 5: DISABLED
>Key Slot 6: DISABLED
>Key Slot 7: DISABLED
Is it possible that the updates are interfering in any way? What can I do to
troubleshoot this?
--
Regards,
Ryan Delaney
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [dm-crypt] No key available with this passphrase.
2014-06-10 16:37 [dm-crypt] No key available with this passphrase Ryan Delaney
@ 2014-06-11 3:53 ` Arno Wagner
0 siblings, 0 replies; 10+ messages in thread
From: Arno Wagner @ 2014-06-11 3:53 UTC (permalink / raw)
To: dm-crypt
Hi,
the typical problems after updates are missing ciphers
(gives a differen error) and changes character encoding.
If, you have some non ISO-7-bit characters in you
passphrase and are going from some byte encoding to
UTF-8, the binary representation will change completely,
see also FAQ item 1.2.
The only way to deal with that is to somehow reconstruct
old passphrase encoding and unlock with that.
In order to look at the encoding of special haracters,
you can do something like this:
1. echo "x" > test
2. hd test
with x replaced by the special character.
Arno
On Tue, Jun 10, 2014 at 18:37:55 CEST, Ryan Delaney wrote:
> Hello,
>
> I have a RAID5 array composed of three (3x3GB) disks:
>
> > $ sudo mdadm --misc --detail /dev/md0
> > /dev/md0:
> > Version : 1.2
> > Creation Time : Tue Nov 13 16:54:29 2012
> > Raid Level : raid5
> > Array Size : 5860268032 (5588.79 GiB 6000.91 GB)
> > Used Dev Size : 2930134016 (2794.39 GiB 3000.46 GB)
> > Raid Devices : 3
> > Total Devices : 3
> > Persistence : Superblock is persistent
> >
> > Update Time : Tue Jun 10 08:08:15 2014
> > State : clean
> > Active Devices : 3
> >Working Devices : 3
> > Failed Devices : 0
> > Spare Devices : 0
> >
> > Layout : left-symmetric
> > Chunk Size : 512K
> >
> > Name : mothership:0 (local to host mothership)
> > UUID : 02aff219:f7f6840c:9aaf506f:1ce273b0
> > Events : 58
> >
> > Number Major Minor RaidDevice State
> > 0 8 65 0 active sync /dev/sde1
> > 1 8 81 1 active sync /dev/sdf1
> > 3 8 97 2 active sync /dev/sdg1
>
> There are two partitions on the disk. md0p1 is 500gb and I use it to store
> encrypted data. md0p2 uses the remaining 5.5GB for non-secure long term
> storage.
>
> On June 1, I migrated from truecrypt and created a new volume on md0p1. From
> journalctl:
>
> > sudo /usr/bin/cryptsetup -v luksFormat /dev/md0p1
> > sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> > sudo /usr/bin/mkfs -t ext4 /dev/mapper/crypt
> > sudo /usr/bin/mount /dev/mapper/crypt /media/crypt
>
> It was initialized with a passphrase that I have stored in a gpg encrypted
> file. I worked with the volume open for about a day and copied data into it without
> any issue. Satisfied, I uninstalled truecrypt.
>
> Shortly thereafter, kernel updates, systemd, and various others were pulled
> through the archlinux core repository. Pacman update log: http://sprunge.us/KLJL
>
> After applying these updates, I rebooted the system. I find myself unable to
> open the partition with cryptsetup:
>
> > $ sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> > Enter passphrase for /dev/md0p1:
> > No key available with this passphrase.
> > Enter passphrase for /dev/md0p1:
>
> Output of luksDump:
>
> > LUKS header information for /dev/md0p1
> >
> >Version: 1
> >Cipher name: aes
> >Cipher mode: xts-plain64
> >Hash spec: sha1
> >Payload offset: 4096
> >MK bits: 256
> >MK digest: ef 1e 13 6f 79 2a bd 0e 09 81 ae d9 3d 61 68 c9 42 ad 67 25
> >MK salt: 8d d1 4c 5b b8 76 12 43 fd 62 b3 e8 0e 70 6e 85
> > fd c6 56 30 84 dd c0 d7 87 45 1a ab 3d 02 39 4e
> >MK iterations: 99500
> >UUID: e2aa27d7-d0bf-469a-ad77-0c197a3f2d70
> >
> >Key Slot 0: ENABLED
> > Iterations: 419671
> > Salt: 5c db 57 29 7e 15 fc f7 64 95 c0 78 31 15 08 7d
> > cd 55 a2 f5 39 ba 5f 51 9c 0b 09 c5 a2 51 84 f1
> > Key material offset: 8
> > AF stripes: 4000
> >Key Slot 1: DISABLED
> >Key Slot 2: DISABLED
> >Key Slot 3: DISABLED
> >Key Slot 4: DISABLED
> >Key Slot 5: DISABLED
> >Key Slot 6: DISABLED
> >Key Slot 7: DISABLED
>
> Is it possible that the updates are interfering in any way? What can I do to
> troubleshoot this?
> --
> Regards,
> Ryan Delaney
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato
^ permalink raw reply [flat|nested] 10+ messages in thread
* [dm-crypt] No key available with this passphrase
@ 2017-04-29 18:27 Hammad Siddiqi
0 siblings, 0 replies; 10+ messages in thread
From: Hammad Siddiqi @ 2017-04-29 18:27 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 4333 bytes --]
Hi,.
one of our host, running centos 7.1, crashed today with a kernel panic on
qemu-kvm process. the VM disks were stored on encrypted volume, which
became locked after reboot. the cryptseup luksOpen command throws "No Key
available with this passphrase". The encrypted volume has a 512 bit key
without any password. we also backup our key and both backup and key
residing on server are same. We have tried to by pass current OS by booting
up using live CD of Centos 7.1, Linux Mint 17, Ubuntu 17.04 with different
versions of kernel and crypt setup. this did not succeed. we believe the
key is correct but the Encrypted volume is not accepting it. Can you please
help us on this. Please let me know if you need something else as well
* command used: cryptsetup luksOpen --key-file /etc/luks.key
/dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d raid10-2hs-island
* Host Kernel Version: 3.10.0-229.el7.x86_64
* Host Cryptsetup version: 1.6.6
**output of cryptsetup luksOpen**
**cryptsetup luksOpen --key-file /etc/luks.key
/dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
raid10-2hs-island --verbose --debug**
```
# cryptsetup 1.7.2 processing "cryptsetup luksOpen --key-file /etc/luks.key
/dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d raid10-2hs-island
--verbose --debug"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device
/dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
context.
# Trying to open and read device
/dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/disk/by-uuid/92de4358-
d815-496a-8a58-60e55346161d.
# Crypto backend (gcrypt 1.5.3) initialized in cryptsetup library version
1.7.2.
# Detected kernel Linux 3.10.0-229.el7.x86_64 x86_64.
# Reading LUKS header of size 1024 from device /dev/disk/by-uuid/92de4358-
d815-496a-8a58-60e55346161d
# Key length 64, device size 15622799360 sectors, header size 4036 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 2000 miliseconds.
# Password retry count set to 1.
# Activating volume raid10-2hs-island [keyslot -1] using keyfile
/etc/luks.key.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.29.0.
# Device-mapper backend running with UDEV support enabled.
# dm status raid10-2hs-island [ opencount flush ] [16384] (*1)
# File descriptor passphrase entry requested.
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
# Releasing crypt device /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 1: Operation not permitted
```
**cryptsetup luksDump:**
```
cryptsetup -v luksDump /dev/sdb
LUKS header information for /dev/sdb
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha1
Payload offset: 4096
MK bits: 512
MK digest: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
MK salt: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
MK iterations: 36750
UUID: #############################
Key Slot 0: ENABLED
Iterations: 141435
Salt: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXX
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Command successful.
```
PS: I posted the same email without any subject. Please use this one
Thanks Hammad
[-- Attachment #2: Type: text/html, Size: 5525 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread* [dm-crypt] No key available with this passphrase
@ 2013-06-10 15:40 Packets
2013-06-10 15:42 ` Packets
2013-06-10 20:55 ` Arno Wagner
0 siblings, 2 replies; 10+ messages in thread
From: Packets @ 2013-06-10 15:40 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 1725 bytes --]
Hi Guys,
I insert my encrypted usb flash drive and mount it on my ubuntu
workstation. When it was mounted, I tried to format the usb fd using
gparted gui but it did not succeed so I proceed in putting my data on the
mounted usb fd. After putting all my data, I reformat the pc and when it
boot up, I insert the encrypted usb fd. To my surprise, it is no longer
accepting my passphrase (surprise!). I'm sure my passphrase is correct.
Could anyone on the list help me recover my files? Here are some commands
might be relevant to my problem
nelson@kazekage:~$ sudo cryptsetup luksOpen /dev/sdb1 test
[sudo] password for nelson:
Enter passphrase for /dev/sdb1:
No key available with this passphrase.
##################
nelson@kazekage:~$ sudo cryptsetup isLuks /dev/sdb1
[sudo] password for nelson:
nelson@kazekage:~$
##################
nelson@kazekage:~$ sudo cryptsetup luksDump /dev/sdb1
LUKS header information for /dev/sdb1
Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 4096
MK bits: 256
MK digest: 8f 6f 4e ba c1 c2 70 3b 26 e0 41 8c 9b de d4 4b c6 29 65 e4
MK salt: 84 c1 5e 2c 70 d6 2a 0f 2e 79 7b 3f 43 16 60 44
96 d8 bf 93 a7 6e 4a eb a9 94 fd 2d 0d b7 c6 f7
MK iterations: 36750
UUID: f6289fce-a74b-40d8-b93f-e7a210afbf54
Key Slot 0: ENABLED
Iterations: 147405
Salt: 43 d7 f8 b8 2f 0e 51 80 f6 9f 10 72 7e 0a bf 7d
ae 25 89 9a 59 87 62 85 ed 46 73 57 da 47 74 9d
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
[-- Attachment #2: Type: text/html, Size: 3343 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [dm-crypt] No key available with this passphrase
2013-06-10 15:40 Packets
@ 2013-06-10 15:42 ` Packets
2013-06-10 18:21 ` Milan Broz
2013-06-10 20:55 ` Arno Wagner
1 sibling, 1 reply; 10+ messages in thread
From: Packets @ 2013-06-10 15:42 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 561 bytes --]
I also downloaded the cryptsetup tarball and use the keyslot_checker
script. Here is the output.
nelson@kazekage:~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker$ sudo
./chk_luks_keyslots /dev/sdb1
parameters (commandline and LUKS header):
sector size: 512
threshold: 0.900000
./chk_luks_keyslots: relocation error: ./chk_luks_keyslots: symbol
crypt_keyslot_area, version CRYPTSETUP_1.0 not defined in file
libcryptsetup.so.4 with link time reference
nelson@kazekage:~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker$
Anyone familiar with the error?
[-- Attachment #2: Type: text/html, Size: 769 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [dm-crypt] No key available with this passphrase
2013-06-10 15:42 ` Packets
@ 2013-06-10 18:21 ` Milan Broz
2013-06-22 5:24 ` Packets
0 siblings, 1 reply; 10+ messages in thread
From: Milan Broz @ 2013-06-10 18:21 UTC (permalink / raw)
To: Packets; +Cc: dm-crypt
On 06/10/2013 05:42 PM, Packets wrote:
> I also downloaded the cryptsetup tarball and use the keyslot_checker script. Here is the output.
>
> nelson@kazekage:~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker$ sudo ./chk_luks_keyslots /dev/sdb1
>
> parameters (commandline and LUKS header):
> sector size: 512
> threshold: 0.900000
>
> ./chk_luks_keyslots: relocation error: ./chk_luks_keyslots: symbol crypt_keyslot_area, version CRYPTSETUP_1.0 not defined in file libcryptsetup.so.4 with link time reference
> nelson@kazekage:~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker$
>
> Anyone familiar with the error?
It should use local compiled library (system libcryptsetup seems to be too old).
To properly run locally compiled keyslot checker tool try
cd ~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker
sudo LD_LIBRARY_PATH="../../lib/.libs;$LD_LIBRARY_PATH" ./chk_luks_keyslots /dev/sdb1
Milan
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [dm-crypt] No key available with this passphrase
2013-06-10 18:21 ` Milan Broz
@ 2013-06-22 5:24 ` Packets
2013-06-22 10:32 ` Arno Wagner
0 siblings, 1 reply; 10+ messages in thread
From: Packets @ 2013-06-22 5:24 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 1079 bytes --]
On Tue, Jun 11, 2013 at 2:21 AM, Milan Broz <gmazyland@gmail.com> wrote:
> To properly run locally compiled keyslot checker tool try
>
> cd ~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker
> sudo LD_LIBRARY_PATH="../../lib/.libs;$LD_LIBRARY_PATH"
> ./chk_luks_keyslots /dev/sdb1
>
Thanks Milan. Here is the output
nelson@kazekage:~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker$ sudo
LD_LIBRARY_PATH="../../lib/.libs;$LD_LIBRARY_PATH" ./chk_luks_keyslots
/dev/sdb1
parameters (commandline and LUKS header):
sector size: 512
threshold: 0.900000
- processing keyslot 0: start: 0x001000 end: 0x020400
low entropy at: 0x010000 entropy: 0.593573
- processing keyslot 1: keyslot not in use
- processing keyslot 2: keyslot not in use
- processing keyslot 3: keyslot not in use
- processing keyslot 4: keyslot not in use
- processing keyslot 5: keyslot not in use
- processing keyslot 6: keyslot not in use
- processing keyslot 7: keyslot not in use
From the output above, could you tell if there the header is damage? Is my
storage still possible to open?
[-- Attachment #2: Type: text/html, Size: 2065 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [dm-crypt] No key available with this passphrase
2013-06-22 5:24 ` Packets
@ 2013-06-22 10:32 ` Arno Wagner
2013-06-28 11:27 ` Packets
0 siblings, 1 reply; 10+ messages in thread
From: Arno Wagner @ 2013-06-22 10:32 UTC (permalink / raw)
To: dm-crypt
On Sat, Jun 22, 2013 at 01:24:59PM +0800, Packets wrote:
> On Tue, Jun 11, 2013 at 2:21 AM, Milan Broz <gmazyland@gmail.com> wrote:
>
> > To properly run locally compiled keyslot checker tool try
> >
> > cd ~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker
> > sudo LD_LIBRARY_PATH="../../lib/.libs;$LD_LIBRARY_PATH"
> > ./chk_luks_keyslots /dev/sdb1
> >
>
> Thanks Milan. Here is the output
>
> nelson@kazekage:~/Downloads/cryptsetup-1.6.1/misc/keyslot_checker$ sudo
> LD_LIBRARY_PATH="../../lib/.libs;$LD_LIBRARY_PATH" ./chk_luks_keyslots
> /dev/sdb1
>
> parameters (commandline and LUKS header):
> sector size: 512
> threshold: 0.900000
>
> - processing keyslot 0: start: 0x001000 end: 0x020400
> low entropy at: 0x010000 entropy: 0.593573
Definitely header damage in Key-Slot 0.
To find out what the damage is, re-run with -v.
> - processing keyslot 1: keyslot not in use
> - processing keyslot 2: keyslot not in use
> - processing keyslot 3: keyslot not in use
> - processing keyslot 4: keyslot not in use
> - processing keyslot 5: keyslot not in use
> - processing keyslot 6: keyslot not in use
> - processing keyslot 7: keyslot not in use
>
> >From the output above, could you tell if there the header is damage? Is
> > my storage still possible to open?
In any case, you need a header backup to access your data,
this keyslot is permanently broken.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [dm-crypt] No key available with this passphrase
2013-06-10 15:40 Packets
2013-06-10 15:42 ` Packets
@ 2013-06-10 20:55 ` Arno Wagner
1 sibling, 0 replies; 10+ messages in thread
From: Arno Wagner @ 2013-06-10 20:55 UTC (permalink / raw)
To: dm-crypt
On Mon, Jun 10, 2013 at 11:40:52PM +0800, Packets wrote:
> Hi Guys,
>
> I insert my encrypted usb flash drive and mount it on my ubuntu
> workstation. When it was mounted, I tried to format the usb fd using
> gparted gui but it did not succeed so I proceed in putting my data on the
> mounted usb fd. After putting all my data, I reformat the pc and when it
> boot up, I insert the encrypted usb fd. To my surprise, it is no longer
> accepting my passphrase (surprise!). I'm sure my passphrase is correct.
>
> Could anyone on the list help me recover my files? Here are some commands
> might be relevant to my problem
>
> nelson@kazekage:~$ sudo cryptsetup luksOpen /dev/sdb1 test
> [sudo] password for nelson:
> Enter passphrase for /dev/sdb1:
> No key available with this passphrase.
So it is a LUKS device.
> ##################
>
> nelson@kazekage:~$ sudo cryptsetup isLuks /dev/sdb1
> [sudo] password for nelson:
> nelson@kazekage:~$
This should be run with a "-v" if done interactively.
But your device is a LUKS device, therwise it would
not get as far as it does in luksOpen.
If the keyslot-checker does not find anything (and from what you
describe, it should probably not, just install the library of
1.6.1 as well to get t working as Milan described), it is possible
that you have a keymap or charset problem, see FAQ
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
item 1.2. This can happen, for example, when your old system used
some ASCII-Extension, and the new one uses UTF-8 (or the other
way round). The gist of it is that you can have characters
that look exatly the same on-screen, but are represented
differently in binary, for the case of UTF-8 even with
several bytes instead of the one ASCII byte. This can
happen for all characters not in 7 bit ASCII
(http://en.wikipedia.org/wiki/ASCII). For example, a German
u-Umlaut (ü in HTML) is 0xfc in ISO/IEC 8859-1,
but 0xc3 0xbc in UTF-8. Thse do of course map to entirely
different binary passphrases.
If you suspect somethng like this happening, you can try to
change the default encoding.
Or you can try create the right passphrase with a hex-editor
and have cryptsetup read it from file. There are some
details that matter, see the man-page. You may also want to try
it out wth a loop-mountes test LUKS container, see FAQ
item 2.4 on how to make one.
An UTF8 table is here:
http://www.utf8-zeichentabelle.de/
and the ISO tables are here:
http://de.wikipedia.org/wiki/ISO_8859-1
This problem has already bitten several people, hence
the warning in the FAQ. Debian (and derived distros
like Ubuntu, Mint, ...) has recently switched to UTF-8
as default from the plder default ISO tables.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2017-04-29 18:28 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-10 16:37 [dm-crypt] No key available with this passphrase Ryan Delaney
2014-06-11 3:53 ` Arno Wagner
-- strict thread matches above, loose matches on Subject: below --
2017-04-29 18:27 Hammad Siddiqi
2013-06-10 15:40 Packets
2013-06-10 15:42 ` Packets
2013-06-10 18:21 ` Milan Broz
2013-06-22 5:24 ` Packets
2013-06-22 10:32 ` Arno Wagner
2013-06-28 11:27 ` Packets
2013-06-10 20:55 ` Arno Wagner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.