From: Jan Janssen <medhefgo@web.de>
To: Milan Broz <gmazyland@gmail.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Truecrypt system partition support
Date: Mon, 24 Jun 2013 15:55:16 +0200
Message-ID: <51C84FC4.3040104@web.de>
In-Reply-To: <51C7DDBC.9080107@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2738 bytes --]
On 06/24/2013 07:48 AM, Milan Broz wrote:
> Hm, seems like a completely different problem.
> I cannot check what's going on without more information here, ideally
> - cryptsetup output with --debug switch
> - tcryptDump (mainly offsets and data sizes stored there)
> - exact sizes of partitions (fdisk -l -u, blockdev --getsz /dev/sda* or so)
>
> (but please note it will provide some info which is hidden, do not send it
> if it is a problem :-)
Hi,
here's the info. The open log is attached.
TCRYPT header information for /dev/sda
Version: 5
Driver req.: 7
Sector size: 512
MK offset: 106928640
PBKDF2 hash: ripemd160
Cipher chain: aes
Cipher mode: xts-plain64
MK bits: 512
# for i in /dev/sda*; do echo -n "$i: "; sudo blockdev --getsz $i; done
/dev/sda: 120103200
/dev/sda1: 208782
/dev/sda2: 62701695
/dev/sda3: 57192660
# fdisk -l -u
Disk /dev/sda: 61.5 GB, 61492838400 bytes, 120103200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000bfd29
Device     Boot     Start        End    Blocks  Id  System
/dev/sda1              63     208844    104391  83  Linux
/dev/sda2  *       208845   62910539  31350847+  7  HPFS/NTFS/exFAT
/dev/sda3        62910540  120103199  28596330  83  Linux
> Ideally I would like to reproduce it, for my encrypted VM on partition
> it works.
> How did you create this config? Any manipulations with partitions after
> system reencryption?
I did nothing peculiar to the system. Created the layout with gparted. I
did install grub2, but it also didn't work with the truecrypt bootloader.
>>
>> Also, something's off about the --key-file option with tcrypt. I can't
>> get it to accept my password from the file. But if I pipe it with cat
>> to stdin it works. Maybe it's supposed to be this way, but then I think
>> it needs extra mention in the manpage. And maybe there should be a way
>> to provide a --passphrase-file option or something along those lines
>> if the current handling is different to how it's handled for luks.
>
> So you are not using Truecrypt keyfile but just passphrase in file,
> so pipe is the correct way. I thought it is explained in man page
> but if not, it needs some care. If you have some idea how to describe
> it better, just send me a patch.
> (And adding more options will cause even more chaos here :)
After re-reading it's a little clearer now. I still miss a way to
supply the passphrase in a file without resorting to piping it to stdin.
It's not an issue for luks since it allows passphrases and keyfiles
together, but truecrypt doesn't allow keyfiles in system mode.
Jan
[-- Attachment #2: tcrypt-open.log --]
[-- Type: text/x-log, Size: 3750 bytes --]
# cryptsetup 1.6.2-git processing "cryptsetup --debug --tcrypt-system tcryptOpen /dev/sda windows"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sda context.
# Trying to open and read device /dev/sda.
# Initialising device-mapper backend library.
# STDIN descriptor passphrase entry requested.
# Trying to load TCRYPT crypt type from device /dev/sda.
# Crypto backend (gcrypt 1.5.2) initialized.
# Reading TCRYPT header of size 512 bytes from device /dev/sda.
# TCRYPT: trying KDF: pbkdf2-ripemd160-2000.
# TCRYPT: trying cipher aes-xts-plain64
# TCRYPT: trying cipher serpent-xts-plain64
# TCRYPT: trying cipher twofish-xts-plain64
# TCRYPT: trying cipher twofish-aes-xts-plain64
# TCRYPT: trying cipher serpent-twofish-aes-xts-plain64
# TCRYPT: trying cipher aes-serpent-xts-plain64
# TCRYPT: trying cipher aes-twofish-serpent-xts-plain64
# TCRYPT: trying cipher serpent-twofish-xts-plain64
# TCRYPT: trying cipher aes-lrw-benbi
# TCRYPT: trying cipher serpent-lrw-benbi
# TCRYPT: trying cipher twofish-lrw-benbi
# TCRYPT: trying cipher twofish-aes-lrw-benbi
# TCRYPT: trying cipher serpent-twofish-aes-lrw-benbi
# TCRYPT: trying cipher aes-serpent-lrw-benbi
# TCRYPT: trying cipher aes-twofish-serpent-lrw-benbi
# TCRYPT: trying cipher serpent-twofish-lrw-benbi
# TCRYPT: trying cipher aes-cbc-tcrypt
# TCRYPT: trying cipher serpent-cbc-tcrypt
# TCRYPT: trying cipher twofish-cbc-tcrypt
# TCRYPT: trying cipher twofish-aes-cbci-tcrypt
# TCRYPT: trying cipher serpent-twofish-aes-cbci-tcrypt
# TCRYPT: trying cipher aes-serpent-cbci-tcrypt
# TCRYPT: trying cipher aes-twofish-serpent-cbci-tcrypt
# TCRYPT: trying cipher serpent-twofish-cbci-tcrypt
# TCRYPT: trying cipher cast5-cbc-tcrypt
# TCRYPT: trying cipher des3_ede-cbc-tcrypt
# TCRYPT: trying cipher blowfish_le-cbc-tcrypt
# TCRYPT: trying cipher blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying cipher serpent-blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying KDF: pbkdf2-ripemd160-1000.
# TCRYPT: trying cipher aes-xts-plain64
# TCRYPT: Signature magic detected.
# TCRYPT: Header version: 5, req. 7, sector 512, mk_offset 106928640, hidden_size 0, volume size 32103267840
# TCRYPT: Header cipher aes-xts-plain64, key size 64
# Activating volume windows by volume key.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.12.1, dm-ioctl version 4.24.0.
# Device-mapper backend running with UDEV support enabled.
# dm status windows OF [16384] (*1)
# Calculated device size is 62701695 sectors (RW), offset 208845.
# Trying to activate TCRYPT device windows using cipher aes-xts-plain64.
# DM-UUID is CRYPT-TCRYPT-windows
# Udev cookie 0xd4df074 (semid 294912) created
# Udev cookie 0xd4df074 (semid 294912) incremented to 1
# Udev cookie 0xd4df074 (semid 294912) incremented to 2
# Udev cookie 0xd4df074 (semid 294912) assigned to CREATE task(0) with flags (0x0)
# dm create windows CRYPT-TCRYPT-windows OF [16384] (*1)
# dm reload windows OFW [16384] (*1)
device-mapper: reload ioctl on failed: Invalid argument
# Udev cookie 0xd4df074 (semid 294912) decremented to 1
# Udev cookie 0xd4df074 (semid 294912) incremented to 2
# Udev cookie 0xd4df074 (semid 294912) assigned to REMOVE task(2) with flags (0x0)
# dm remove windows OFW [16384] (*1)
# windows: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4df074 (semid 294912) decremented to 1
# Udev cookie 0xd4df074 (semid 294912) waiting for zero
# Udev cookie 0xd4df074 (semid 294912) destroyed
# windows: Processing NODE_DEL [verify_udev]
# Releasing crypt device /dev/sda context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
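A cross-check of the numbers posted in this message, as an added example (not part of the original mail and not cryptsetup code): it parses the two debug-log lines that describe the mapping and compares them with the blockdev and fdisk output above. The function and variable names are illustrative.

```python
import re

# Values copied from the message above: two cryptsetup --debug lines and the
# blockdev/fdisk numbers for /dev/sda.
LOG = """\
# TCRYPT: Header version: 5, req. 7, sector 512, mk_offset 106928640, hidden_size 0, volume size 32103267840
# Calculated device size is 62701695 sectors (RW), offset 208845.
"""
DISK_SECTORS = 120103200                     # blockdev --getsz /dev/sda
PARTITIONS = {                               # fdisk -l -u: name -> (start, end)
    "/dev/sda1": (63, 208844),
    "/dev/sda2": (208845, 62910539),
    "/dev/sda3": (62910540, 120103199),
}

HEADER_RE = re.compile(r"sector (\d+), mk_offset (\d+), hidden_size \d+, volume size (\d+)")
MAPPING_RE = re.compile(r"Calculated device size is (\d+) sectors \(\w+\), offset (\d+)")

def check_geometry(log, disk_sectors, partitions):
    """Return (findings, problems) comparing header, mapping and partition table."""
    hdr = HEADER_RE.search(log)
    dm = MAPPING_RE.search(log)
    if not hdr or not dm:
        raise ValueError("expected TCRYPT header and device size lines not found")
    sector, mk_offset, vol_bytes = map(int, hdr.groups())
    dm_size, dm_offset = map(int, dm.groups())
    problems = []
    # Header values are in bytes; the device-mapper table works in sectors.
    if mk_offset % sector or vol_bytes % sector:
        problems.append("header offset/size not sector aligned")
    hdr_start, hdr_size = mk_offset // sector, vol_bytes // sector
    if (hdr_start, hdr_size) != (dm_offset, dm_size):
        problems.append("mapping differs from header values")
    if dm_offset + dm_size > disk_sectors:
        problems.append("mapping runs past end of disk")
    # Which partition, if any, covers exactly the mapped range?
    match = [n for n, (s, e) in partitions.items()
             if s == dm_offset and e - s + 1 == dm_size]
    if not match:
        problems.append("no partition matches the mapped range")
    return {"start": hdr_start, "sectors": hdr_size, "partition": match}, problems

if __name__ == "__main__":
    print(check_geometry(LOG, DISK_SECTORS, PARTITIONS))
```

On the values in this message it reports no inconsistency: the header's offset and volume size, converted to sectors, coincide with the start and length of /dev/sda2.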
Thread overview: 9+ messages
2013-06-20 10:03 [dm-crypt] Truecrypt system partition support Jan Janssen
2013-06-20 16:50 ` Milan Broz
2013-06-21 13:58 ` Jan Janssen
2013-06-23 15:33 ` Milan Broz
2013-06-23 21:06 ` Jan Janssen
2013-06-24 5:48 ` Milan Broz
2013-06-24 13:55 ` Jan Janssen [this message]
2013-06-30 9:11 ` Milan Broz
2013-06-30 11:44 ` Jan Janssen