[dm-crypt] (no subject)

Arno Wagner arno at wagner.name
Sat Apr 29 20:30:37 CEST 2017


Hi Hammad,

sounds like your one key-slot might have been damaged.

Please run the keyslot-checker found in misc/keyslot_checker
of the source package and report the results.

Regards,
Arno


On Sat, Apr 29, 2017 at 19:48:15 CEST, Hammad Siddiqi wrote:
>    Hi,No key available with this passphrase.
>    one of our host, running centos 7.1, crashed today with a kernel panic
>    on qemu-kvm process. the VM disks were stored on encrypted volume,
>    which became locked after reboot. the cryptseup luksOpen  command
>    throws "No Key available with this passphrase". The encrypted volume
>    has a 512 bit key without any password. we also backup our key and both
>    backup and key residing on server are same. We have tried to by pass
>    current OS by booting up using live CD of Centos 7.1, Linux Mint 17,
>    Ubuntu 17.04 with different versions of kernel and crypt setup. this
>    did not succeed. we believe the key is correct but the Encrypted volume
>    is not accepting it. Can you please help us on this. Please let me know
>    if you need something else as well
>    * command used: cryptsetup luksOpen --key-file /etc/luks.key
>    /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>    raid10-2hs-island
>    * Host Kernel Version: 3.10.0-229.el7.x86_64
>    * Host Cryptsetup version: 1.6.6
>    **output of cryptsetup luksOpen**
>     **cryptsetup luksOpen --key-file /etc/luks.key
>    /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>    raid10-2hs-island --verbose --debug**
>    ```
>    # cryptsetup 1.7.2 processing "cryptsetup luksOpen --key-file
>    /etc/luks.key /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>    raid10-2hs-island --verbose --debug"
>    # Running command open.
>    # Locking memory.
>    # Installing SIGINT/SIGTERM handler.
>    # Unblocking interruption on signal.
>    # Allocating crypt device
>    /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d context.
>    # Trying to open and read device
>    /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d with direct-io.
>    # Initialising device-mapper backend library.
>    # Trying to load LUKS1 crypt type from device
>    /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d.
>    # Crypto backend (gcrypt 1.5.3) initialized in cryptsetup library
>    version 1.7.2.
>    # Detected kernel Linux 3.10.0-229.el7.x86_64 x86_64.
>    # Reading LUKS header of size 1024 from device
>    /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>    # Key length 64, device size 15622799360 sectors, header size 4036
>    sectors.
>    # Timeout set to 0 miliseconds.
>    # Password retry count set to 3.
>    # Password verification disabled.
>    # Iteration time set to 2000 miliseconds.
>    # Password retry count set to 1.
>    # Activating volume raid10-2hs-island [keyslot -1] using keyfile
>    /etc/luks.key.
>    # dm version   [ opencount flush ]   [16384] (*1)
>    # dm versions   [ opencount flush ]   [16384] (*1)
>    # Detected dm-crypt version 1.13.0, dm-ioctl version 4.29.0.
>    # Device-mapper backend running with UDEV support enabled.
>    # dm status raid10-2hs-island  [ opencount flush ]   [16384] (*1)
>    # File descriptor passphrase entry requested.
>    # Trying to open key slot 0 [ACTIVE_LAST].
>    # Reading key slot 0 area.
>    # Using userspace crypto wrapper to access keyslot area.
>    # Trying to open key slot 1 [INACTIVE].
>    # Trying to open key slot 2 [INACTIVE].
>    # Trying to open key slot 3 [INACTIVE].
>    # Trying to open key slot 4 [INACTIVE].
>    # Trying to open key slot 5 [INACTIVE].
>    # Trying to open key slot 6 [INACTIVE].
>    # Trying to open key slot 7 [INACTIVE].
>    No key available with this passphrase.
>    # Releasing crypt device
>    /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d context.
>    # Releasing device-mapper backend.
>    # Unlocking memory.
>    Command failed with code 1: Operation not permitted
>    ```
>    **cryptsetup luksDump:**
>    ```
>    cryptsetup -v luksDump /dev/sdb
>    LUKS header information for /dev/sdb
>    Version:        1
>    Cipher name:    aes
>    Cipher mode:    xts-plain64
>    Hash spec:      sha1
>    Payload offset: 4096
>    MK bits:        512
>    MK digest:      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>    MK salt:        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>                    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>    MK iterations:  36750
>    UUID:           #############################
>    Key Slot 0: ENABLED
>            Iterations:             141435
>            Salt:
>    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> 
>    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>            Key material offset:    8
>            AF stripes:             4000
>    Key Slot 1: DISABLED
>    Key Slot 2: DISABLED
>    Key Slot 3: DISABLED
>    Key Slot 4: DISABLED
>    Key Slot 5: DISABLED
>    Key Slot 6: DISABLED
>    Key Slot 7: DISABLED
>    Command successful.
>    ```

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list