From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] (no subject)
Date: Sat, 29 Apr 2017 20:30:37 +0200 [thread overview]
Message-ID: <20170429183037.GA22169@tansi.org> (raw)
In-Reply-To: <CABE8nt-Z5=FV8RYc6_2t9ykpDEKDmTXaQYxxYm8Jp-SojJfCSg@mail.gmail.com>
Hi Hammad,
sounds like your one key-slot might have been damaged.
Please run the keyslot-checker found in misc/keyslot_checker
of the source package and report the results.
Regards,
Arno
On Sat, Apr 29, 2017 at 19:48:15 CEST, Hammad Siddiqi wrote:
> Hi,No key available with this passphrase.
> one of our host, running centos 7.1, crashed today with a kernel panic
> on qemu-kvm process. the VM disks were stored on encrypted volume,
> which became locked after reboot. the cryptseup luksOpen command
> throws "No Key available with this passphrase". The encrypted volume
> has a 512 bit key without any password. we also backup our key and both
> backup and key residing on server are same. We have tried to by pass
> current OS by booting up using live CD of Centos 7.1, Linux Mint 17,
> Ubuntu 17.04 with different versions of kernel and crypt setup. this
> did not succeed. we believe the key is correct but the Encrypted volume
> is not accepting it. Can you please help us on this. Please let me know
> if you need something else as well
> * command used: cryptsetup luksOpen --key-file /etc/luks.key
> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> raid10-2hs-island
> * Host Kernel Version: 3.10.0-229.el7.x86_64
> * Host Cryptsetup version: 1.6.6
> **output of cryptsetup luksOpen**
> **cryptsetup luksOpen --key-file /etc/luks.key
> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> raid10-2hs-island --verbose --debug**
> ```
> # cryptsetup 1.7.2 processing "cryptsetup luksOpen --key-file
> /etc/luks.key /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> raid10-2hs-island --verbose --debug"
> # Running command open.
> # Locking memory.
> # Installing SIGINT/SIGTERM handler.
> # Unblocking interruption on signal.
> # Allocating crypt device
> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d context.
> # Trying to open and read device
> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d with direct-io.
> # Initialising device-mapper backend library.
> # Trying to load LUKS1 crypt type from device
> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d.
> # Crypto backend (gcrypt 1.5.3) initialized in cryptsetup library
> version 1.7.2.
> # Detected kernel Linux 3.10.0-229.el7.x86_64 x86_64.
> # Reading LUKS header of size 1024 from device
> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> # Key length 64, device size 15622799360 sectors, header size 4036
> sectors.
> # Timeout set to 0 miliseconds.
> # Password retry count set to 3.
> # Password verification disabled.
> # Iteration time set to 2000 miliseconds.
> # Password retry count set to 1.
> # Activating volume raid10-2hs-island [keyslot -1] using keyfile
> /etc/luks.key.
> # dm version [ opencount flush ] [16384] (*1)
> # dm versions [ opencount flush ] [16384] (*1)
> # Detected dm-crypt version 1.13.0, dm-ioctl version 4.29.0.
> # Device-mapper backend running with UDEV support enabled.
> # dm status raid10-2hs-island [ opencount flush ] [16384] (*1)
> # File descriptor passphrase entry requested.
> # Trying to open key slot 0 [ACTIVE_LAST].
> # Reading key slot 0 area.
> # Using userspace crypto wrapper to access keyslot area.
> # Trying to open key slot 1 [INACTIVE].
> # Trying to open key slot 2 [INACTIVE].
> # Trying to open key slot 3 [INACTIVE].
> # Trying to open key slot 4 [INACTIVE].
> # Trying to open key slot 5 [INACTIVE].
> # Trying to open key slot 6 [INACTIVE].
> # Trying to open key slot 7 [INACTIVE].
> No key available with this passphrase.
> # Releasing crypt device
> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d context.
> # Releasing device-mapper backend.
> # Unlocking memory.
> Command failed with code 1: Operation not permitted
> ```
> **cryptsetup luksDump:**
> ```
> cryptsetup -v luksDump /dev/sdb
> LUKS header information for /dev/sdb
> Version: 1
> Cipher name: aes
> Cipher mode: xts-plain64
> Hash spec: sha1
> Payload offset: 4096
> MK bits: 512
> MK digest: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> MK salt: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> MK iterations: 36750
> UUID: #############################
> Key Slot 0: ENABLED
> Iterations: 141435
> Salt:
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> Key material offset: 8
> AF stripes: 4000
> Key Slot 1: DISABLED
> Key Slot 2: DISABLED
> Key Slot 3: DISABLED
> Key Slot 4: DISABLED
> Key Slot 5: DISABLED
> Key Slot 6: DISABLED
> Key Slot 7: DISABLED
> Command successful.
> ```
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
next prev parent reply other threads:[~2017-04-29 18:30 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-29 17:48 [dm-crypt] (no subject) Hammad Siddiqi
2017-04-29 18:30 ` Arno Wagner [this message]
2017-04-29 19:19 ` Hammad Siddiqi
2017-05-01 17:37 ` Hammad Siddiqi
2017-05-01 18:45 ` Michael Kjörling
2017-05-01 21:01 ` Arno Wagner
2017-05-02 0:29 ` Diagon
2017-05-02 20:49 ` Arno Wagner
-- strict thread matches above, loose matches on Subject: below --
2016-06-18 21:40 RAS RAS
2016-06-20 7:52 ` Milan Broz
[not found] ` <1466423154.44272313@f313.i.mail.ru>
2016-06-20 12:02 ` Milan Broz
2015-05-04 14:50 janemba
2015-05-04 16:41 ` Arno Wagner
2014-02-07 13:51 Redwood Hyd
2013-03-17 21:30 .. ink ..
2012-12-29 22:22 .. ink ..
2012-12-29 22:46 ` Milan Broz
2012-12-29 23:15 ` .. ink ..
2012-12-29 23:39 ` Milan Broz
2012-12-29 23:53 ` .. ink ..
2012-12-30 7:12 ` .. ink ..
2012-12-30 9:05 ` Milan Broz
2012-12-30 9:19 ` .. ink ..
2012-12-30 10:51 ` Milan Broz
2012-12-30 11:49 ` .. ink ..
2012-10-10 21:11 ffrizzy
2012-10-10 21:09 ffrizzy
2012-10-10 23:13 ` Claudio Moretti
2012-10-09 6:24 ffrizzy
2012-10-09 6:21 ffrizzy
2012-09-04 1:20 Anil
2012-09-04 1:29 ` Arno Wagner
2011-09-18 10:58 Ingo Schmitt
2011-03-09 2:04 Rookcifer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170429183037.GA22169@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox