From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id yFslWt54M_uz for <dm-crypt@saout.de>;
 Fri, 26 Oct 2012 18:37:22 +0200 (CEST)
Received: from mail-ee0-f50.google.com (mail-ee0-f50.google.com [74.125.83.50])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri, 26 Oct 2012 18:37:22 +0200 (CEST)
Received: by mail-ee0-f50.google.com with SMTP id c41so1348653eek.37
 for <dm-crypt@saout.de>; Fri, 26 Oct 2012 09:37:22 -0700 (PDT)
Message-ID: <508ABC36.7060407@gmail.com>
Date: Fri, 26 Oct 2012 18:37:10 +0200
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <2BF272FBF2F3384F849D44C247B9883A043C71205229@cs-mail.cloudshield.com>
 <508A493A.9030005@dennis.birkholz.biz>
 <2BF272FBF2F3384F849D44C247B9883A043C71205273@cs-mail.cloudshield.com>
In-Reply-To: <2BF272FBF2F3384F849D44C247B9883A043C71205273@cs-mail.cloudshield.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Newbie question --key-file
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: "dm-crypt@saout.de" <dm-crypt@saout.de>

On 10/26/2012 06:27 PM, Li, David wrote:
> Hi Dennis,
> Please see below.
> 
>>> First I did:
>>> /-bash-4.1# cryptsetup --key-file keyfile-1 luksFormat /dev/loop0/
>> ...
>>
>> for me your example works but I have sha256, aes and cbc loaded (which is
>> required as you use aes as crypto-mode, sha256 as hash and cbc as block-mode
>> or what ever it is called). The setup is not proper as you see there is no key slot
>> used.
> 
> 
> [Li, David] Can you explain a little here why key slot wasn't used?
> Why did the luksDump or the blkid result seem to be normal? 

I think there are just missing internal kernel modules.

Cryptsetup internally first generates master key, then writes visible header and then
enables keyslot - and for keyslot write it requires kernel crypto modules.
If last step fails, you end up with LUKS header without any slot enabled.

(The error reporting here is not optimal, still thinking how to get
exact infmation from kernel.
Anyway there is:
"Check that kernel supports aes-cbc-essiv:sha256 cipher (check syslog for more info)."

Did you check syslog?

According to /proc/crypto, you have no aes module, no cbc, no sha256...

Milan