[dm-crypt] luksAddKey successful but not working

Arno Wagner arno at wagner.name
Wed May 22 17:00:44 CEST 2013


No Problem. I would suggest reading the FAQ 

  http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

and the man-page. Takes a while, but afterwards you should understand
how things work. Muy experience with "instructions" is that they
fail as soon as something is not quite as expected and are absolutely
no replacement for getting your own expertise.

Arno

On Wed, May 22, 2013 at 10:48:52AM -0400, leam hall wrote:
> Hey Arno, thanks! None of the instructions I found talked about manually
> editing the keyfile with the key. That's why I thought luksAddKey created
> the file.
> 
> So far I'm not doing great with this. Either the /dev/sda partition isn't
> able to be mounted or /dev/mapper/luks isn't viewed as a LUKS partition.
> 
> 
> 
> On Wed, May 22, 2013 at 10:33 AM, Arno Wagner <arno at wagner.name> wrote:
> 
> > A look into the man-page of cryptsetup shows that luksAddKey does
> > not write the key-file, but reads it. I am surprised though that
> > cryptsetup does not complain that the file is missing. With my
> > system (cryptsetup 1.6.0) it does:
> >
> > # cryptsetup luksAddKey /dev/loop0 keyfile
> > Enter any passphrase:
> > Failed to open key file.    <---
> > #
> >
> > Have you created "keyfile" before? If so, you just added the empty
> > passphrase to your device, something you probably do not want to do.
> >
> > Arno
> >
> > On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote:
> > > Help! I've nearly broken my desk banging my head against this problem. I
> > am
> > > using Red Hat 5.9 base install and trying to set the LUKS volume to come
> > > on-line on boot.
> > >
> > > The volume can be manually mounted. However, when I try to create the key
> > > file it becomes a 0 length file and does not work when the system boots.
> > >
> > > cryptsetup luksAddKey /dev/sda2 keyfile
> > > Enter any LUKS passphrase:
> > > Verify passphrase:
> > > key slot 0 unlocked.
> > > Command successful.
> > >
> > >
> > > ls -lart keyfile
> > > -rw------- 1 root root 0 May 22 08:42 keyfile
> > >
> > >
> > > cat /etc/crypttab
> > > luks /dev/sda2 /root/keyfile luks
> > >
> > >
> > > This is probably operator error but I'm not sure where to look. Any help
> > > appreciated!
> > >
> > > Leam
> > >
> > >
> > >
> > > --
> > > Mind on a Mission <http://leamhall.blogspot.com/>
> >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt at saout.de
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> >
> > --
> > Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> > GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> > ----
> > There are two ways of constructing a software design: One way is to make it
> > so simple that there are obviously no deficiencies, and the other way is to
> > make it so complicated that there are no obvious deficiencies. The first
> > method is far more difficult.  --Tony Hoare
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> >
> 
> 
> 
> -- 
> Mind on a Mission <http://leamhall.blogspot.com/>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list