[dm-crypt] No key available with this passphrase.

Arno Wagner arno at wagner.name
Wed Jun 11 05:53:53 CEST 2014


Hi,

the typical problems after updates are missing ciphers
(gives a differen error) and changes character encoding. 
If, you have some non ISO-7-bit characters in you 
passphrase and are going from some byte encoding to 
UTF-8, the binary representation will change completely, 
see also FAQ item 1.2. 

The only way to deal with that is to somehow reconstruct 
old passphrase encoding and unlock with that.

In order to look at the encoding of special haracters, 
you can do something like this:

1. echo "x" > test
2. hd test

with x replaced by the special character.

Arno


On Tue, Jun 10, 2014 at 18:37:55 CEST, Ryan Delaney wrote:
> Hello,
> 
> I have a RAID5 array composed of three (3x3GB) disks:
> 
> > $ sudo mdadm --misc --detail /dev/md0
> > /dev/md0:
> >        Version : 1.2
> >  Creation Time : Tue Nov 13 16:54:29 2012
> >     Raid Level : raid5
> >     Array Size : 5860268032 (5588.79 GiB 6000.91 GB)
> >  Used Dev Size : 2930134016 (2794.39 GiB 3000.46 GB)
> >   Raid Devices : 3
> >  Total Devices : 3
> >    Persistence : Superblock is persistent
> >
> >    Update Time : Tue Jun 10 08:08:15 2014
> >          State : clean
> > Active Devices : 3
> >Working Devices : 3
> > Failed Devices : 0
> >  Spare Devices : 0
> >
> >         Layout : left-symmetric
> >     Chunk Size : 512K
> >
> >           Name : mothership:0  (local to host mothership)
> >           UUID : 02aff219:f7f6840c:9aaf506f:1ce273b0
> >         Events : 58
> >
> >    Number   Major   Minor   RaidDevice State
> >       0       8       65        0      active sync   /dev/sde1
> >       1       8       81        1      active sync   /dev/sdf1
> >       3       8       97        2      active sync   /dev/sdg1
> 
> There are two partitions on the disk. md0p1 is 500gb and I use it to store
> encrypted data. md0p2 uses the remaining 5.5GB for non-secure long term
> storage.
> 
> On June 1, I migrated from truecrypt and created a new volume on md0p1. From
> journalctl:
> 
> > sudo /usr/bin/cryptsetup -v luksFormat /dev/md0p1
> > sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> > sudo /usr/bin/mkfs -t ext4 /dev/mapper/crypt
> > sudo /usr/bin/mount /dev/mapper/crypt /media/crypt
> 
> It was initialized with a passphrase that I have stored in a gpg encrypted
> file. I worked with the volume open for about a day and copied data into it without
> any issue. Satisfied, I uninstalled truecrypt.
> 
> Shortly thereafter, kernel updates, systemd, and various others were pulled
> through the archlinux core repository. Pacman update log: http://sprunge.us/KLJL
> 
> After applying these updates, I rebooted the system. I find myself unable to
> open the partition with cryptsetup:
> 
> > $ sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> > Enter passphrase for /dev/md0p1:
> > No key available with this passphrase.
> > Enter passphrase for /dev/md0p1:
> 
> Output of luksDump:
> 
> > LUKS header information for /dev/md0p1
> >
> >Version:        1
> >Cipher name:    aes
> >Cipher mode:    xts-plain64
> >Hash spec:      sha1
> >Payload offset: 4096
> >MK bits:        256
> >MK digest:      ef 1e 13 6f 79 2a bd 0e 09 81 ae d9 3d 61 68 c9 42 ad 67 25
> >MK salt:        8d d1 4c 5b b8 76 12 43 fd 62 b3 e8 0e 70 6e 85
> >                fd c6 56 30 84 dd c0 d7 87 45 1a ab 3d 02 39 4e
> >MK iterations:  99500
> >UUID:           e2aa27d7-d0bf-469a-ad77-0c197a3f2d70
> >
> >Key Slot 0: ENABLED
> >        Iterations:             419671
> >        Salt:                   5c db 57 29 7e 15 fc f7 64 95 c0 78 31 15 08 7d
> >                                cd 55 a2 f5 39 ba 5f 51 9c 0b 09 c5 a2 51 84 f1
> >        Key material offset:    8
> >        AF stripes:             4000
> >Key Slot 1: DISABLED
> >Key Slot 2: DISABLED
> >Key Slot 3: DISABLED
> >Key Slot 4: DISABLED
> >Key Slot 5: DISABLED
> >Key Slot 6: DISABLED
> >Key Slot 7: DISABLED
> 
> Is it possible that the updates are interfering in any way? What can I do to
> troubleshoot this?
> -- 
> Regards,
> Ryan Delaney
> 



> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato


More information about the dm-crypt mailing list