[dm-crypt] Problem with LUKS, No key available with this passphrase.

Arno Wagner arno at wagner.name
Thu Oct 10 00:21:37 CEST 2013


Hmm. Two ideas:

1. Are the passprases for / and /home different, and if so 
   do you have any non standard ASCII characters in your passphrase?

2. Run the keyslot-checker on your sdb2. The isLuks test cannot find
   keyslot corruption. (It is in misc/keyslot_checker in th source
   package and needs a current libcryptsetup)

Arno

On Wed, Oct 09, 2013 at 08:12:55PM +0200, Piotr Kaczmarski wrote:
> Hello,
> 
> I worked on standard, fresh Fedora 19 installation, had disk encrypted with
> Luks, default installer setup using lvm:
> 
> Short after reboot (I mounted encrypted hdd to other computer using
> cryptsetup -luksOpen ~~, copied some data and reboot, didn't unmount it
> correctly) I met a problem:
> 
> All system partition except /dev/sdb2 (home) are accessible during boot
> normally - password for / and swap is accepted. But system does not start;
> after accepting passphrase normal way, it asks next about pass for /home
> partition - few times, and next drop into emergency shell. I 100% sure that
> I provide correct password, root and swap partition are mounted correctly.
> 
> It look as:
> 
> fdisk -l
> Urządzenie Rozruch   Początek      Koniec   Bloków   ID  System
> /dev/sdb1   *        2048     1026047      512000   83  Linux
> /dev/sdb2         1026048   867686399   433330176   83  Linux
> /dev/sdb3       867686400   972543999    52428800   83  Linux
> /dev/sdb4       972544000   976773119     2114560    5  Extended
> /dev/sdb5       972548096   976773119     2112512   83  Linux
> 
> 
> I tried to unlock /dev/sdb2 partiton from second computer (also Fedora 19,
> both system updated daily), using cryptsetup, eg.
> 
> [root at localhost piotr]# cryptsetup luksOpen /dev/sdb3 c1
> Enter passphrase for /dev/sdb3:
> and is ok, I can mount it, but:
> 
> root at localhost piotr]# cryptsetup luksOpen /dev/sdb2 c2
> Enter passphrase for /dev/sdb2:
> No key available with this passphrase.
> Enter passphrase for /dev/sdb2:
> No key available with this passphrase.
> Enter passphrase for /dev/sdb2:
> No key available with this passphrase.
> [root at localhost piotr]#
> 
> for /dev/sdb2 i have "No key available with this passphrase" message
> 
> Luks partition seems to be correct:
> 
> root at localhost piotr]# cryptsetup -v isLuks /dev/sdb2
> Command successful.
> 
> Heres dump from my header:
> 
> cryptsetup luksDump /dev/sdb2
> LUKS header information for /dev/sdb2
> 
> Version:        1
> Cipher name:    aes
> Cipher mode:    xts-plain64
> Hash spec:      sha1
> Payload offset: 4096
> MK bits:        512
> MK digest:      54 97 2b 30 10 4c 23 db 49 b6 71 97 fe a2 f5 e4 e6 eb ed 15
> MK salt:        ae a7 e6 67 e5 87 8d 72 35 33 1c b7 67 4f 80 f2
>                 26 c1 02 19 46 76 a5 9f 54 f7 68 ea b7 7b f1 1c
> MK iterations:  43375
> UUID:           1e582a36-28eb-415d-9ce9-acd57d076324
> 
> Key Slot 0: ENABLED
>         Iterations:             194824
>         Salt:                   44 c2 26 99 b8 29 5e 5b 23 f1 71 c4 a3 f8
> 16 ca
>                                 c7 a2 7c f7 92 ff 2d 01 c1 b7 93 94 7b 5b
> b6 df
>         Key material offset:    8
>         AF stripes:             4000
> Key Slot 1: DISABLED
> Key Slot 2: DISABLED
> Key Slot 3: DISABLED
> Key Slot 4: DISABLED
> Key Slot 5: DISABLED
> Key Slot 6: DISABLED
> Key Slot 7: DISABLED
> 
> I also tried deal with locale, eg:
> 
> LANG=en_US cryptsetup luksOpen /dev/sdb2 c3
> Enter passphrase for /dev/sdb2:
> No key available with this passphrase.
> 
> but with no effect.
> 
> Here is content of my crypttab:
> 
> luks-f5516cbe-f746-4876-b70e-3e22be73ef35
> UUID=f5516cbe-f746-4876-b70e-3e22be73ef35 none
> luks-1e582a36-28eb-415d-9ce9-acd57d076324
> UUID=1e582a36-28eb-415d-9ce9-acd57d076324 none
> luks-d52b03d1-f9b4-4e16-9f06-3edeb4e02d64
> UUID=d52b03d1-f9b4-4e16-9f06-3edeb4e02d64 none
> 
> After few days working with this problem i stuck; cant access my data. ..
> anyone know what is going on ?
> 
> -- 
> 
> Pozdrawiam serdecznie / Best regards
> Piotr Kaczmarski
> mobile: 0 783 306 696
> 
> TLS Oddział Polska
> tel. +48 016 733 2109 http://www.logrus.eu
> 
> The Logrus Solutions Ltd.
> 5 London Road
> SW17 9JR London, UK
> landline: +44 084 5869 3688
> skype: logrus.co

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare


More information about the dm-crypt mailing list