[dm-crypt] (no subject)

Hammad Siddiqi hsiddiqi at gmail.com
Sat Apr 29 21:19:17 CEST 2017


Hi,

here is the result, for some reason i  did not get Arno's email

[root at LA3-KVMISLAND08-20319 keyslot_checker]# /tmp/chk_luks_keyslots -v
/dev/sdb

parameters (commandline and LUKS header):
  sector size: 512
  threshold:   0.900000

- processing keyslot 0:  start: 0x001000   end: 0x03f800
- processing keyslot 1:  keyslot not in use
- processing keyslot 2:  keyslot not in use
- processing keyslot 3:  keyslot not in use
- processing keyslot 4:  keyslot not in use
- processing keyslot 5:  keyslot not in use
- processing keyslot 6:  keyslot not in use
- processing keyslot 7:  keyslot not in use




On Sat, Apr 29, 2017 at 10:48 PM, Hammad Siddiqi <hsiddiqi at gmail.com> wrote:

> Hi,No key available with this passphrase.
>
> one of our host, running centos 7.1, crashed today with a kernel panic on
> qemu-kvm process. the VM disks were stored on encrypted volume, which
> became locked after reboot. the cryptseup luksOpen  command throws "No Key
> available with this passphrase". The encrypted volume has a 512 bit key
> without any password. we also backup our key and both backup and key
> residing on server are same. We have tried to by pass current OS by booting
> up using live CD of Centos 7.1, Linux Mint 17, Ubuntu 17.04 with different
> versions of kernel and crypt setup. this did not succeed. we believe the
> key is correct but the Encrypted volume is not accepting it. Can you please
> help us on this. Please let me know if you need something else as well
>
> * command used: cryptsetup luksOpen --key-file /etc/luks.key
> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d raid10-2hs-island
> * Host Kernel Version: 3.10.0-229.el7.x86_64
> * Host Cryptsetup version: 1.6.6
>
> **output of cryptsetup luksOpen**
>
>  **cryptsetup luksOpen --key-file /etc/luks.key /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> raid10-2hs-island --verbose --debug**
> ```
> # cryptsetup 1.7.2 processing "cryptsetup luksOpen --key-file
> /etc/luks.key /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> raid10-2hs-island --verbose --debug"
> # Running command open.
> # Locking memory.
> # Installing SIGINT/SIGTERM handler.
> # Unblocking interruption on signal.
> # Allocating crypt device /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> context.
> # Trying to open and read device /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> with direct-io.
> # Initialising device-mapper backend library.
> # Trying to load LUKS1 crypt type from device /dev/disk/by-uuid/92de4358-
> d815-496a-8a58-60e55346161d.
> # Crypto backend (gcrypt 1.5.3) initialized in cryptsetup library version
> 1.7.2.
> # Detected kernel Linux 3.10.0-229.el7.x86_64 x86_64.
> # Reading LUKS header of size 1024 from device /dev/disk/by-uuid/92de4358-
> d815-496a-8a58-60e55346161d
> # Key length 64, device size 15622799360 sectors, header size 4036 sectors.
> # Timeout set to 0 miliseconds.
> # Password retry count set to 3.
> # Password verification disabled.
> # Iteration time set to 2000 miliseconds.
> # Password retry count set to 1.
> # Activating volume raid10-2hs-island [keyslot -1] using keyfile
> /etc/luks.key.
> # dm version   [ opencount flush ]   [16384] (*1)
> # dm versions   [ opencount flush ]   [16384] (*1)
> # Detected dm-crypt version 1.13.0, dm-ioctl version 4.29.0.
> # Device-mapper backend running with UDEV support enabled.
> # dm status raid10-2hs-island  [ opencount flush ]   [16384] (*1)
> # File descriptor passphrase entry requested.
> # Trying to open key slot 0 [ACTIVE_LAST].
> # Reading key slot 0 area.
> # Using userspace crypto wrapper to access keyslot area.
> # Trying to open key slot 1 [INACTIVE].
> # Trying to open key slot 2 [INACTIVE].
> # Trying to open key slot 3 [INACTIVE].
> # Trying to open key slot 4 [INACTIVE].
> # Trying to open key slot 5 [INACTIVE].
> # Trying to open key slot 6 [INACTIVE].
> # Trying to open key slot 7 [INACTIVE].
> No key available with this passphrase.
> # Releasing crypt device /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
> context.
> # Releasing device-mapper backend.
> # Unlocking memory.
> Command failed with code 1: Operation not permitted
> ```
>
> **cryptsetup luksDump:**
>
> ```
> cryptsetup -v luksDump /dev/sdb
> LUKS header information for /dev/sdb
>
> Version:        1
> Cipher name:    aes
> Cipher mode:    xts-plain64
> Hash spec:      sha1
> Payload offset: 4096
> MK bits:        512
> MK digest:      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> MK salt:        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>                 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> MK iterations:  36750
> UUID:           #############################
>
> Key Slot 0: ENABLED
>         Iterations:             141435
>         Salt:                   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXX
>                                 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXX
>         Key material offset:    8
>         AF stripes:             4000
> Key Slot 1: DISABLED
> Key Slot 2: DISABLED
> Key Slot 3: DISABLED
> Key Slot 4: DISABLED
> Key Slot 5: DISABLED
> Key Slot 6: DISABLED
> Key Slot 7: DISABLED
> Command successful.
> ```
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20170430/4edfb2d9/attachment.html>


More information about the dm-crypt mailing list