* Unable to use a keyfile
From: j4ck32 @ 2026-04-11 18:50 UTC (permalink / raw)
To: cryptsetup
Hello,
I have a strange problem with my LUKS setup.
I can successfully add a keyfile to my LUKS container, but when I try
to open the container with it the keyfile is rejected.
I made many attempts with different iterations, but the result is
always the same.
short version:
livecd /mnt # dd if=/dev/urandom of=/root/key_new bs=64 count=1
1+0 records in
1+0 records out
64 bytes copied, 6.3416e-05 s, 1.0 MB/s
livecd /mnt # cryptsetup luksAddKey /dev/md126 /root/key_new
Enter any existing passphrase:
livecd /mnt # cryptsetup luksOpen /dev/md126 temp --key-file /root/key_new
No key available with this passphrase.
background:
I have two RAID 1s, "root" and "files". root gets decrypted on boot and
contains a key to files.
root had filesystem errors and the files container would no longer
open with the keyfile.
I fixed the root file system and tried to unlock the files container
with the existing key_file.
Sometimes the existing keyfile would work, sometimes it would work
when the container was first unlocked with the passphrase and closed.
Now the existing key_file refuses to work at all. The passphrase always works.
Then I switched strategies and wanted to add a new key_file like
above. I am long on a live system booted from USB,
so the issues from the original root should not contribute.
The RAIDs are healthy, the SMART data is good, and the filesystem is checked.
long version:
livecd /mnt # cryptsetup luksDump /dev/md126
LUKS header information
Version:        2
Epoch:          12
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           d37b8c3e-7e51-417d-a3f4-41dd6d981966
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2i
        Time cost:  4
        Memory:     184084
        Threads:    4
        Salt:       ...
        AF stripes: 4000
        AF hash:    sha256
        Area offset:32768 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
  1: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2id
        Time cost:  4
        Memory:     1048576
        Threads:    4
        Salt:       ...
        AF stripes: 4000
        AF hash:    sha256
        Area offset:290816 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 19140
        Salt:       ...
        Digest:     ...
livecd /mnt # dd if=/dev/urandom of=/root/key_new bs=64 count=1
1+0 records in
1+0 records out
64 bytes copied, 7.8571e-05 s, 815 kB/s
livecd /mnt # cryptsetup -v --debug luksAddKey /dev/md126 /root/key_new
# cryptsetup 2.7.5 processing "cryptsetup -v --debug luksAddKey /dev/md126 /root/key_new"
# Verifying parameters for command luksAddKey.
# Running command luksAddKey.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/md126.
# Trying to open and read device /dev/md126 with direct-io.
# Direct-io is supported and works.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/md126.
# Crypto backend (OpenSSL 3.3.2 3 Sep 2024 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.7.5.
# Detected kernel Linux 6.6.74 x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/md126.
# Opening lock resource file /run/cryptsetup/L_9:126
# Verifying lock handle for /dev/md126.
# Device /dev/md126 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/md126
# Verifying locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:de769906d3be7ed904ba290989bc621e2d9b4b069442a503204d9f39abca5361 (on-disk)
# Checksum:de769906d3be7ed904ba290989bc621e2d9b4b069442a503204d9f39abca5361 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/md126
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:b87ffc10e5dab50c5e956c7f9d7e3591902c2e50dc0fe3fbc6f8087ad5bb08f4 (on-disk)
# Checksum:b87ffc10e5dab50c5e956c7f9d7e3591902c2e50dc0fe3fbc6f8087ad5bb08f4 (in-memory)
# Device size 7942915293184, offset 16777216.
# Device /dev/md126 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Interactive passphrase entry requested.
Enter any existing passphrase:
# Checking volume passphrase [keyslot -1] using passphrase.
# Keyslot 0 priority 1 != 2 (required), skipped.
# Keyslot 1 priority 1 != 2 (required), skipped.
# Trying to open LUKS2 keyslot 0.
# Running keyslot key derivation.
# Reading keyslot area [0x8000].
# Acquiring read lock for device /dev/md126.
# Opening lock resource file /run/cryptsetup/L_9:126
# Verifying lock handle for /dev/md126.
# Device /dev/md126 READ lock taken.
# Reusing open ro fd on device /dev/md126
# Device /dev/md126 READ lock released.
# Verifying key from keyslot 0, digest 0.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-ioctl version 4.48.0.
# Detected dm-crypt version 1.24.0.
# Detected dm-zero version 1.2.0.
# Device-mapper backend running with UDEV support enabled.
Key slot 0 unlocked.
# Adding new keyslot -1 by keyfile, volume key provided by passphrase (-1).
# Selected keyslot 2.
# Keyslot 0 priority 1 != 2 (required), skipped.
# Keyslot 1 priority 1 != 2 (required), skipped.
# Trying to open LUKS2 keyslot 0.
# Running keyslot key derivation.
# Reading keyslot area [0x8000].
# Acquiring read lock for device /dev/md126.
# Opening lock resource file /run/cryptsetup/L_9:126
# Verifying lock handle for /dev/md126.
# Device /dev/md126 READ lock taken.
# Reusing open ro fd on device /dev/md126
# Device /dev/md126 READ lock released.
# Verifying key from keyslot 0, digest 0.
# Keyslot 2 assigned to digest 0.
# Trying to allocate LUKS2 keyslot 2.
# Found area 548864 -> 806912
# Running argon2id() benchmark.
# PBKDF benchmark: memory cost = 65536, iterations = 4, threads = 4 (took 163 ms)
# PBKDF benchmark: memory cost = 100515, iterations = 4, threads = 4 (took 243 ms)
# PBKDF benchmark: memory cost = 103410, iterations = 4, threads = 4 (took 220 ms)
# PBKDF benchmark: memory cost = 117511, iterations = 4, threads = 4 (took 316 ms)
# PBKDF benchmark: memory cost = 743740, iterations = 4, threads = 4 (took 1341 ms)
# Benchmark returns argon2id() 4 iterations, 1048576 memory, 4 threads (for 512-bits key).
# Calculating attributes for LUKS2 keyslot 2.
# Acquiring write lock for device /dev/md126.
# Opening lock resource file /run/cryptsetup/L_9:126
# Verifying lock handle for /dev/md126.
# Device /dev/md126 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/md126
# Running keyslot key derivation.
# Updating keyslot area [0x86000].
# Opening locked device /dev/md126
# Verifying locked device handle (bdev)
# Device size 7942915293184, offset 16777216.
# Device /dev/md126 WRITE lock already held.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/md126
# Checksum:121cca8db7794c007ade712398606772bbbab9b964a1a4f2cbcba4a66dd5d6ae (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/md126
# Checksum:21274d07ebb492fb4d1e5b6ae3fddb82bff764572d1f9e3795bfa9352801a712 (in-memory)
# Device /dev/md126 WRITE lock released.
Key slot 2 created.
# Releasing crypt device /dev/md126 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/md126.
# Closing read write fd for /dev/md126.
Command successful.
livecd /mnt # cryptsetup -v --debug luksOpen /dev/md126 files --key-file /root/key_new
# cryptsetup 2.7.5 processing "cryptsetup -v --debug luksOpen /dev/md126 files --key-file /root/key_new"
# Verifying parameters for command open.
# Running command open.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/md126.
# Trying to open and read device /dev/md126 with direct-io.
# Direct-io is supported and works.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/md126.
# Crypto backend (OpenSSL 3.3.2 3 Sep 2024 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.7.5.
# Detected kernel Linux 6.6.74 x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/md126.
# Opening lock resource file /run/cryptsetup/L_9:126
# Verifying lock handle for /dev/md126.
# Device /dev/md126 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/md126
# Verifying locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:121cca8db7794c007ade712398606772bbbab9b964a1a4f2cbcba4a66dd5d6ae (on-disk)
# Checksum:121cca8db7794c007ade712398606772bbbab9b964a1a4f2cbcba4a66dd5d6ae (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/md126
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:21274d07ebb492fb4d1e5b6ae3fddb82bff764572d1f9e3795bfa9352801a712 (on-disk)
# Checksum:21274d07ebb492fb4d1e5b6ae3fddb82bff764572d1f9e3795bfa9352801a712 (in-memory)
# Device size 7942915293184, offset 16777216.
# Device /dev/md126 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Activating volume files [keyslot -1] using token.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-ioctl version 4.48.0.
# Detected dm-crypt version 1.24.0.
# Detected dm-zero version 1.2.0.
# Device-mapper backend running with UDEV support enabled.
# dm status files [ opencount noflush ] [16384] (*1)
No usable token is available.
# File descriptor passphrase entry requested.
# Activating volume files [keyslot -1] using passphrase.
# dm versions [ opencount flush ] [16384] (*1)
# dm status files [ opencount noflush ] [16384] (*1)
# Keyslot 0 priority 1 != 2 (required), skipped.
# Keyslot 1 priority 1 != 2 (required), skipped.
# Keyslot 2 priority 1 != 2 (required), skipped.
# Trying to open LUKS2 keyslot 0.
# Running keyslot key derivation.
# Reading keyslot area [0x8000].
# Acquiring read lock for device /dev/md126.
# Opening lock resource file /run/cryptsetup/L_9:126
# Verifying lock handle for /dev/md126.
# Device /dev/md126 READ lock taken.
# Reusing open ro fd on device /dev/md126
# Device /dev/md126 READ lock released.
# Verifying key from keyslot 0, digest 0.
# Digest 0 (pbkdf2) verify failed with -1.
# Trying to open LUKS2 keyslot 1.
# Running keyslot key derivation.
# Reading keyslot area [0x47000].
# Acquiring read lock for device /dev/md126.
# Opening lock resource file /run/cryptsetup/L_9:126
# Verifying lock handle for /dev/md126.
# Device /dev/md126 READ lock taken.
# Reusing open ro fd on device /dev/md126
# Device /dev/md126 READ lock released.
# Verifying key from keyslot 1, digest 0.
# Digest 0 (pbkdf2) verify failed with -1.
# Trying to open LUKS2 keyslot 2.
# Running keyslot key derivation.
# Reading keyslot area [0x86000].
# Acquiring read lock for device /dev/md126.
# Opening lock resource file /run/cryptsetup/L_9:126
# Verifying lock handle for /dev/md126.
# Device /dev/md126 READ lock taken.
# Reusing open ro fd on device /dev/md126
# Device /dev/md126 READ lock released.
# Verifying key from keyslot 2, digest 0.
# Digest 0 (pbkdf2) verify failed with -1.
No key available with this passphrase.
# Releasing crypt device /dev/md126 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/md126.
Command failed with code -2 (no permission or bad passphrase).
Any ideas?
* Re: Unable to use a keyfile
From: Milan Broz @ 2026-04-11 21:21 UTC (permalink / raw)
To: j4ck32, cryptsetup
On 4/11/26 8:50 PM, j4ck32 wrote:
> Hello,
>
> I have a strange problem with my LUKS setup.
>
> I can successfully add a keyfile to my LUKS container, but when I try
> to open the container with it the keyfile is rejected.
> I made many attempts with different iterations, but the result is
> always the same.
This should work. Could you try to add "--pbkdf pbkdf2" for luksAddKey?
This will use the old PBKDF2 (as in LUKS1) for keyslots.
If it works, I strongly suspect you have issues with hardware.
Specifically, if you say "sometimes it works" - this must work always,
it is a deterministic algorithm.
I have seen this several times (note that the new keyslot uses a lot more memory,
which could trigger the issue).
Milan
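The diagnostic in the reply above is that keyslot unlocking is a deterministic computation, so a keyfile that succeeds on some attempts and fails on others points at the hardware, not at the key. The following is an added example, not code from the thread or from the cryptsetup project: it repeats a non-activating unlock test and classifies the outcome as consistent or intermittent. It assumes `cryptsetup open --test-passphrase` (verifies the key without mapping the device) and, optionally, `--key-slot` so the low-memory PBKDF2 slot suggested above can be compared against the argon2id slot; device, keyfile and slot are caller-supplied.

```python
"""Repeat a LUKS keyfile unlock test and classify the result.

Added example, not from the thread or cryptsetup. Live use needs the rights
to read the LUKS header; the trial logic itself is testable without a device.
"""
import subprocess
import sys

CONSISTENT_PASS = "consistent-pass"   # key accepted on every attempt
CONSISTENT_FAIL = "consistent-fail"   # key rejected every time: wrong key/slot/device
INTERMITTENT = "intermittent"         # not possible for a correct KDF: suspect RAM


def try_unlock(device, keyfile, key_slot=None):
    """One attempt; True when cryptsetup accepts the keyfile.

    --test-passphrase verifies the key without creating a dm-crypt mapping,
    so the loop below never leaves a device mapped behind.
    """
    cmd = ["cryptsetup", "open", "--test-passphrase", "--key-file", keyfile]
    if key_slot is not None:               # pin one keyslot, e.g. the PBKDF2 one
        cmd += ["--key-slot", str(key_slot)]
    cmd.append(device)
    proc = subprocess.run(cmd, stdin=subprocess.DEVNULL,
                          capture_output=True, text=True)
    return proc.returncode == 0


def classify(results):
    """Verdict for a list of booleans: all True, all False, or mixed."""
    ok = sum(1 for r in results if r)
    if ok == len(results):
        return CONSISTENT_PASS
    if ok == 0:
        return CONSISTENT_FAIL
    return INTERMITTENT


def run_trials(attempt, n):
    """Call attempt() n times; return (passes, failures, verdict)."""
    results = [bool(attempt()) for _ in range(n)]
    ok = sum(results)
    return ok, n - ok, classify(results)


def main(argv):
    if len(argv) < 3:
        print("usage: keyfile_trials.py DEVICE KEYFILE [N] [KEYSLOT]", file=sys.stderr)
        return 2
    n = int(argv[3]) if len(argv) > 3 else 10
    slot = int(argv[4]) if len(argv) > 4 else None
    ok, bad, verdict = run_trials(lambda: try_unlock(argv[1], argv[2], slot), n)
    print(f"{ok} ok, {bad} failed out of {n}: {verdict}")
    return 0 if verdict == CONSISTENT_PASS else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it once against the argon2id keyslot and once with the keyslot number of a `--pbkdf pbkdf2` slot: an `intermittent` verdict on the high-memory slot alongside a `consistent-pass` on the PBKDF2 slot is the pattern the reply describes, and a memory test is the next step rather than regenerating the keyfile.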
* Re: Unable to use a keyfile
From: j4ck32 @ 2026-04-12 8:09 UTC (permalink / raw)
To: Milan Broz; +Cc: cryptsetup
memtest86 immediately failed...
I did multiple test runs and determined one of the two modules failed.
So I removed the faulty module...
Now my system accepts the original key-file again.
And adding new key-files works again.
On Sat, 11 Apr 2026 at 23:21, Milan Broz <gmazyland@gmail.com> wrote:
> This should work. Could you try to add "--pbkdf pbkdf2" for luksAddKey?
I skipped that, now that the issue is fixed.
So using a key-file uses more memory than a passphrase?
* Re: Unable to use a keyfile
From: Milan Broz @ 2026-04-12 8:40 UTC (permalink / raw)
To: j4ck32; +Cc: cryptsetup
On 4/12/26 10:09 AM, j4ck32 wrote:
> memtest86 immediately failed...
> I did multiple test runs and determined one of the two modules failed.
> So I removed the faulty module...
> Now my system accepts the original key-file again.
> And adding new key-files works again.
>
> On Sat, 11 Apr 2026 at 23:21, Milan Broz <gmazyland@gmail.com> wrote:
>> This should work. Could you try to add "--pbkdf pbkdf2" for luksAddKey?
>
> I skipped that, now that the issue is fixed.
>
> So using a key-file uses more memory than a passphrase?
No, a keyfile is processed the same way as passphrases.
But your previous passphrase (keyslot 0) used less memory.
With PBKDF2, the memory footprint is even smaller, just a few kilobytes.
It is only about probability & luck - a passphrase could fail the same way.
Argon2 KDF is just a quite good memory pressure test :)
Milan
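The closing explanation rests on a detail that is visible in the `luksDump` output earlier in the thread: keyslot 0 (argon2i, Memory 184084 KiB) touches far less RAM than keyslot 1 and the newly added slot (argon2id, Memory 1048576 KiB), and a PBKDF2 slot has no memory parameter at all. The following is an added example, not code from the thread or the cryptsetup project: it parses `cryptsetup luksDump` text and lists keyslots by the memory their KDF will pull in, which tells you which unlock attempts act as the "memory pressure test" and which do not. The sample text is constructed from the dump in the thread, with a hypothetical PBKDF2 keyslot 2 added; the live path assumes `cryptsetup luksDump DEVICE`.

```python
"""Report the PBKDF memory cost of every LUKS2 keyslot from luksDump output.

Added example, not from the thread or cryptsetup. luksDump prints the
Argon2 'Memory' field in KiB; PBKDF2 keyslots carry no memory parameter.
"""
import re
import subprocess

# Constructed sample in luksDump layout. Keyslots 0 and 1 mirror the dump in
# the thread; keyslot 2 is a hypothetical slot added with "--pbkdf pbkdf2".
SAMPLE_DUMP = """\
LUKS header information
Version:        2
Epoch:          12
Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        PBKDF:      argon2i
        Time cost:  4
        Memory:     184084
        Threads:    4
        Digest ID:  0
  1: luks2
        Key:        512 bits
        Priority:   normal
        PBKDF:      argon2id
        Time cost:  4
        Memory:     1048576
        Threads:    4
        Digest ID:  0
  2: luks2
        Key:        512 bits
        Priority:   normal
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 1000000
        Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 19140
"""

SECTION_RE = re.compile(r"^(Data segments|Keyslots|Tokens|Digests):\s*$")
ENTRY_RE = re.compile(r"^\s*(\d+):\s+(\S+)\s*$")


def parse_keyslots(dump_text):
    """Return {slot_number: {lower-case field: value}} for the Keyslots section.

    Only unindented section headers switch sections, so the 'N: type' entries
    under Data segments or Digests are never mistaken for keyslots.
    """
    slots, section, current = {}, None, None
    for raw in dump_text.splitlines():
        m = SECTION_RE.match(raw)
        if m:
            section, current = m.group(1), None
            continue
        if section != "Keyslots":
            continue
        m = ENTRY_RE.match(raw)
        if m:
            current = int(m.group(1))
            slots[current] = {"type": m.group(2)}
            continue
        if current is not None and ":" in raw:
            key, _, value = raw.strip().partition(":")
            slots[current][key.strip().lower()] = value.strip()
    return slots


def memory_cost_kb(slot):
    """KiB the keyslot's KDF needs; PBKDF2 has no memory parameter (reported as 0)."""
    if slot.get("pbkdf", "").startswith("argon2"):
        return int(slot["memory"])
    return 0


def pbkdf_summary(dump_text):
    """List of (slot, pbkdf, memory_kb), most demanding first."""
    rows = [(n, s.get("pbkdf", "?"), memory_cost_kb(s))
            for n, s in parse_keyslots(dump_text).items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


def dump_device(device):
    """Live path: fetch the header dump for a real device (needs read rights)."""
    return subprocess.run(["cryptsetup", "luksDump", device],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for slot, kdf, kb in pbkdf_summary(SAMPLE_DUMP):
        print(f"keyslot {slot}: {kdf:<8} {kb / 1024:8.1f} MiB")
```

On the thread's header this ranks keyslot 1 (1 GiB) above keyslot 0 (about 180 MiB); a faulty DIMM is far more likely to be hit by the 1 GiB derivation, which is why the passphrase in slot 0 kept working while the keyfile slots did not.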