[dm-crypt] No key available with this passphrase.

Ryan Delaney ryan.delaney at gmail.com
Tue Jun 10 18:37:55 CEST 2014


Hello,

I have a RAID5 array composed of three (3x3GB) disks:

> $ sudo mdadm --misc --detail /dev/md0
> /dev/md0:
>        Version : 1.2
>  Creation Time : Tue Nov 13 16:54:29 2012
>     Raid Level : raid5
>     Array Size : 5860268032 (5588.79 GiB 6000.91 GB)
>  Used Dev Size : 2930134016 (2794.39 GiB 3000.46 GB)
>   Raid Devices : 3
>  Total Devices : 3
>    Persistence : Superblock is persistent
>
>    Update Time : Tue Jun 10 08:08:15 2014
>          State : clean
> Active Devices : 3
>Working Devices : 3
> Failed Devices : 0
>  Spare Devices : 0
>
>         Layout : left-symmetric
>     Chunk Size : 512K
>
>           Name : mothership:0  (local to host mothership)
>           UUID : 02aff219:f7f6840c:9aaf506f:1ce273b0
>         Events : 58
>
>    Number   Major   Minor   RaidDevice State
>       0       8       65        0      active sync   /dev/sde1
>       1       8       81        1      active sync   /dev/sdf1
>       3       8       97        2      active sync   /dev/sdg1

There are two partitions on the disk. md0p1 is 500gb and I use it to store
encrypted data. md0p2 uses the remaining 5.5GB for non-secure long term
storage.

On June 1, I migrated from truecrypt and created a new volume on md0p1. From
journalctl:

> sudo /usr/bin/cryptsetup -v luksFormat /dev/md0p1
> sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> sudo /usr/bin/mkfs -t ext4 /dev/mapper/crypt
> sudo /usr/bin/mount /dev/mapper/crypt /media/crypt

It was initialized with a passphrase that I have stored in a gpg encrypted
file. I worked with the volume open for about a day and copied data into it without
any issue. Satisfied, I uninstalled truecrypt.

Shortly thereafter, kernel updates, systemd, and various others were pulled
through the archlinux core repository. Pacman update log: http://sprunge.us/KLJL

After applying these updates, I rebooted the system. I find myself unable to
open the partition with cryptsetup:

> $ sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> Enter passphrase for /dev/md0p1:
> No key available with this passphrase.
> Enter passphrase for /dev/md0p1:

Output of luksDump:

> LUKS header information for /dev/md0p1
>
>Version:        1
>Cipher name:    aes
>Cipher mode:    xts-plain64
>Hash spec:      sha1
>Payload offset: 4096
>MK bits:        256
>MK digest:      ef 1e 13 6f 79 2a bd 0e 09 81 ae d9 3d 61 68 c9 42 ad 67 25
>MK salt:        8d d1 4c 5b b8 76 12 43 fd 62 b3 e8 0e 70 6e 85
>                fd c6 56 30 84 dd c0 d7 87 45 1a ab 3d 02 39 4e
>MK iterations:  99500
>UUID:           e2aa27d7-d0bf-469a-ad77-0c197a3f2d70
>
>Key Slot 0: ENABLED
>        Iterations:             419671
>        Salt:                   5c db 57 29 7e 15 fc f7 64 95 c0 78 31 15 08 7d
>                                cd 55 a2 f5 39 ba 5f 51 9c 0b 09 c5 a2 51 84 f1
>        Key material offset:    8
>        AF stripes:             4000
>Key Slot 1: DISABLED
>Key Slot 2: DISABLED
>Key Slot 3: DISABLED
>Key Slot 4: DISABLED
>Key Slot 5: DISABLED
>Key Slot 6: DISABLED
>Key Slot 7: DISABLED

Is it possible that the updates are interfering in any way? What can I do to
troubleshoot this?
-- 
Regards,
Ryan Delaney

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20140610/cc1f5520/attachment.asc>


More information about the dm-crypt mailing list