Encrypted device no longer mountable

[nyk]

I use the command "/usr/bin/cryptsetup create secret /dev/loop0" to activate my passphrase protected, encrypted storage device stored in a file.
I've got the command from this howto (http://forums.gentoo.org/viewtopic.php?t=163762).
It worked for a year, but now I get: "Command failed: Invalid argument".
What do I have to change?
Something with cryptsetup seems to have changed, but I don't even find a manpage...

This is the whole script for mounting:

Code: Select all

# !/bin/bash
/sbin/modprobe loop
/sbin/losetup /dev/loop0 /home/vault
/sbin/modprobe dm_crypt
/usr/bin/cryptsetup create secret /dev/loop0
/bin/mount /mnt/vault

[crubb]

At the moment, cryptsetup needs to be linked against libdevmapper.so.1.01, therefore you need to:

Code: Select all

# echo '>=sys-fs/device-mapper-1.02.02' >> /etc/portage/package.mask && emerge device-mapper cryptsetup

Or install the latest cryptsetup snapshot, see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344313

I filed a bug on bugzilla as well: http://bugs.gentoo.org/show_bug.cgi?id=120802

mfg,
crubb

[Napalm Llama]

I've just encountered the exact same problem:

Code: Select all

splig ~ # cryptsetup -c "aes" -h "ripemd160" -b `blockdev --getsize /dev/sdb6` create bak-sys2 /dev/sdb6
Command failed: Invalid argument

The same thing happens with my other two encrypted partitions.

I tried unmasking and remerging latest device-mapper and cryptsetup-luks but it didn't made any difference.

I also tried replacing `blockdev --getsize /dev/sdb6` with its output if run separately - and I'm sure that it really is /dev/sdb6 I'm looking at (the unencrypted /dev/sdb2 on the same disk is mounted quite happily).

The one thing that might have triggered it is the emerge -e world I performed yesterday, but I don't know why unless the package dependancies are somehow broken.

Does anyone know what's going on?
Cheers

[Napalm Llama]

Ah, the problem seems to be with cryptsetup-luks. I unmerged that and remerged plain ol' cryptsetup and everything seems to work fine.
In my Googling I found that Debian has a similar issue, so maybe it's upstream? I'm thinking that perhaps cryptsetup-luks should be masked until it's definately been fixed...

[bartek]

I have encrypted my home partition with cryptsetup too. Now when kde-3.5 needs cryptsetup-luks I have to unmerge cryptsetup-luks and emerge cryptsetup every time I have to mount my home partition because when I emerge -u world cryptsetup-luks is blocked by cryptsetup so I have to unmerge cryptsetup. Is there any option to make cryptsetup-luks working with my encrypted partition or do I have to emerge and unmerge cryptsetup/cryptsetup-luks till the end of my life?

[Napalm Llama]

The latest ~arch cryptsetup-luks now works.

Do this (as root):

Code: Select all

echo "=sys-fs/cryptsetup-luks-1.0* ~x86" >> /etc/portage/package.keywords
emerge -C cryptsetup
emerge cryptsetup-luks

...modifying the "~x86" on the first line to fit your arch.

[yem]

-luks has broken my dm-crypt setup too:

Code: Select all

duck ~ # losetup /dev/loop0 /home/zach.encrypted           
duck ~ # losetup /dev/loop0
/dev/loop0: [0304]:1354592 (/home/zach.encrypted)
duck ~ # /bin/cryptsetup isLuks /dev/loop0
/dev/loop0 is not a LUKS partition
duck ~ # KEY=`openssl aes-256-ecb -d -in /home/zach.key.encrypted`       
enter aes-256-ecb decryption password:
duck ~ # echo "$KEY" | /bin/cryptsetup -c aes -h ripemd160 -s 256 create _home_zach.encrypted /dev/loop0
duck ~ # mount -o ro -t ext3 /dev/mapper/_home_zach.encrypted /home/zach
mount: wrong fs type, bad option, bad superblock on /dev/mapper/_home_zach.encrypted,
       missing codepage or other error 
..
duck linux # dd if=/dev/mapper/_home_zach.encrypted bs=1M count=1 | file -
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.050551 seconds, 20.7 MB/s
/dev/stdin: data
vs 
duck linux # dd if=/dev/hda4 bs=1M count=1 | file -
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.005728 seconds, 183 MB/s
/dev/stdin: Linux rev 1.0 ext3 filesystem data (needs journal recovery) (large files)

sys-fs/cryptsetup-luks-1.0.3-r2
switch back to sys-fs/cryptsetup-0.1-r3 and it decrypts perfectly.

The -luks encryption does not appear to be backward compatible with that created by the old cryptsetup.

[Napalm Llama]

Hmm, I don't recognise a lot of those commands. Here's a (simplified) extract from my backup script (which is also the script that handles dm-crypt/cryptsetup[-luks]):

Code: Select all

--- SNIP ---

# Is something already mounted at $MOUNTPOINT?
if grep -q $MOUNTPOINT /etc/mtab
then
        # Is the shell interactive?
        if [ -z "$PS1" ]; then
                echo
                echo "A filesystem is already mounted on $MOUNTPOINT,"
                echo "the mountpoint for the profile specified."
                echo
                echo "You must unmount it before dobackup can continue."
                exit 1
        else
                echo
                echo "A filesystem is already mounted on $MOUNTPOINT,"
                echo "the mountpoint for the profile specified."
                echo
                echo "Shall I attempt to unmount it? (y/n)"

                read USR_UMOUNT

                if [ $USR_UMOUNT = "y" ]
                then
                        if umount $MOUNTPOINT
                        then
                                echo "$MOUNTPOINT was succesfully unmounted."
                                echo "dobackup will now continue."
                        else
                                echo
                                echo "$MOUNTPOINT could not be unmounted."
                                echo "You must unmount it manually before dobackup can continue."
                                exit 1
                        fi
                else
                        echo
                        echo "dobackup needs a clear mountpoint on $MOUNTPOINT"
                        echo "to run the $CRYPTNAME profile."
                        echo
                        echo "dobackup will now exit."
                        exit 1
                fi
        fi
fi

# Remove any previous device
if [ -b /dev/mapper/$CRYPTNAME ]
then
        cryptsetup remove $CRYPTNAME
fi

# Create the new one
echo "Please enter the password for $CRYPTNAME."
cryptsetup -c "$CRYPT_CIPHER" -h "$CRYPT_HASH" -b `blockdev --getsize $BLOCKDEV` create $CRYPTNAME $BLOCKDEV
echo

# (Attempt to) mount it, and check the results
if mount /dev/mapper/$CRYPTNAME $MOUNTPOINT
then
        echo "Backup partition $CRYPTNAME ready!"
        echo
else
        echo
        echo "********************************************"
        echo " $CRYPTNAME - ERROR!                        "
        echo " The backup partition could not be mounted! "
        echo " Did you type the right password?           "
        echo "                                            "
        echo " dobackup will now exit.                    "
        echo "********************************************"
        exit 1
fi

--- SNIP ---

To unmount it, I just "umount $MOUNTPOINT" then "cryptsetup remove $CRYPTNAME"

Try the method I've been using - I know for certain that it works with both vanilla sys-fs/cryptsetup and >=sys-fs/cryptsetup-luks-1.0* because I used it yesterday.

[Princess Nell]

I have no problems here with cryptsetup-luks-1.0.3-r2, but then I'm not using a loop device,
and I'm not using the LUKS extensions (which I was planning to - maybe I'll postpone this for
little while ...).