[dm-crypt] (no subject)

Hammad Siddiqi hsiddiqi at gmail.com
Mon May 1 19:37:14 CEST 2017


Hi Team,

May I please get an update on this.

Thanks

Hammad Siddiqi

On Sun, Apr 30, 2017 at 12:19 AM, Hammad Siddiqi <hsiddiqi at gmail.com> wrote:

> Hi,
>
> here is the result, for some reason i  did not get Arno's email
>
> [root at LA3-KVMISLAND08-20319 keyslot_checker]# /tmp/chk_luks_keyslots -v
> /dev/sdb
>
> parameters (commandline and LUKS header):
>   sector size: 512
>   threshold:   0.900000
>
> - processing keyslot 0:  start: 0x001000   end: 0x03f800
> - processing keyslot 1:  keyslot not in use
> - processing keyslot 2:  keyslot not in use
> - processing keyslot 3:  keyslot not in use
> - processing keyslot 4:  keyslot not in use
> - processing keyslot 5:  keyslot not in use
> - processing keyslot 6:  keyslot not in use
> - processing keyslot 7:  keyslot not in use
>
>
>
>
> On Sat, Apr 29, 2017 at 10:48 PM, Hammad Siddiqi <hsiddiqi at gmail.com>
> wrote:
>
>> Hi,No key available with this passphrase.
>>
>> one of our host, running centos 7.1, crashed today with a kernel panic on
>> qemu-kvm process. the VM disks were stored on encrypted volume, which
>> became locked after reboot. the cryptseup luksOpen  command throws "No Key
>> available with this passphrase". The encrypted volume has a 512 bit key
>> without any password. we also backup our key and both backup and key
>> residing on server are same. We have tried to by pass current OS by booting
>> up using live CD of Centos 7.1, Linux Mint 17, Ubuntu 17.04 with different
>> versions of kernel and crypt setup. this did not succeed. we believe the
>> key is correct but the Encrypted volume is not accepting it. Can you please
>> help us on this. Please let me know if you need something else as well
>>
>> * command used: cryptsetup luksOpen --key-file /etc/luks.key
>> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d raid10-2hs-island
>> * Host Kernel Version: 3.10.0-229.el7.x86_64
>> * Host Cryptsetup version: 1.6.6
>>
>> **output of cryptsetup luksOpen**
>>
>>  **cryptsetup luksOpen --key-file /etc/luks.key
>> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d raid10-2hs-island
>> --verbose --debug**
>> ```
>> # cryptsetup 1.7.2 processing "cryptsetup luksOpen --key-file
>> /etc/luks.key /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>> raid10-2hs-island --verbose --debug"
>> # Running command open.
>> # Locking memory.
>> # Installing SIGINT/SIGTERM handler.
>> # Unblocking interruption on signal.
>> # Allocating crypt device /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>> context.
>> # Trying to open and read device /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>> with direct-io.
>> # Initialising device-mapper backend library.
>> # Trying to load LUKS1 crypt type from device
>> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d.
>> # Crypto backend (gcrypt 1.5.3) initialized in cryptsetup library version
>> 1.7.2.
>> # Detected kernel Linux 3.10.0-229.el7.x86_64 x86_64.
>> # Reading LUKS header of size 1024 from device
>> /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>> # Key length 64, device size 15622799360 sectors, header size 4036
>> sectors.
>> # Timeout set to 0 miliseconds.
>> # Password retry count set to 3.
>> # Password verification disabled.
>> # Iteration time set to 2000 miliseconds.
>> # Password retry count set to 1.
>> # Activating volume raid10-2hs-island [keyslot -1] using keyfile
>> /etc/luks.key.
>> # dm version   [ opencount flush ]   [16384] (*1)
>> # dm versions   [ opencount flush ]   [16384] (*1)
>> # Detected dm-crypt version 1.13.0, dm-ioctl version 4.29.0.
>> # Device-mapper backend running with UDEV support enabled.
>> # dm status raid10-2hs-island  [ opencount flush ]   [16384] (*1)
>> # File descriptor passphrase entry requested.
>> # Trying to open key slot 0 [ACTIVE_LAST].
>> # Reading key slot 0 area.
>> # Using userspace crypto wrapper to access keyslot area.
>> # Trying to open key slot 1 [INACTIVE].
>> # Trying to open key slot 2 [INACTIVE].
>> # Trying to open key slot 3 [INACTIVE].
>> # Trying to open key slot 4 [INACTIVE].
>> # Trying to open key slot 5 [INACTIVE].
>> # Trying to open key slot 6 [INACTIVE].
>> # Trying to open key slot 7 [INACTIVE].
>> No key available with this passphrase.
>> # Releasing crypt device /dev/disk/by-uuid/92de4358-d815-496a-8a58-60e55346161d
>> context.
>> # Releasing device-mapper backend.
>> # Unlocking memory.
>> Command failed with code 1: Operation not permitted
>> ```
>>
>> **cryptsetup luksDump:**
>>
>> ```
>> cryptsetup -v luksDump /dev/sdb
>> LUKS header information for /dev/sdb
>>
>> Version:        1
>> Cipher name:    aes
>> Cipher mode:    xts-plain64
>> Hash spec:      sha1
>> Payload offset: 4096
>> MK bits:        512
>> MK digest:      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> MK salt:        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>>                 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> MK iterations:  36750
>> UUID:           #############################
>>
>> Key Slot 0: ENABLED
>>         Iterations:             141435
>>         Salt:                   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> XXXXXXXXXXXXXXX
>>                                 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> XXXXXXXXXXXXXXX
>>         Key material offset:    8
>>         AF stripes:             4000
>> Key Slot 1: DISABLED
>> Key Slot 2: DISABLED
>> Key Slot 3: DISABLED
>> Key Slot 4: DISABLED
>> Key Slot 5: DISABLED
>> Key Slot 6: DISABLED
>> Key Slot 7: DISABLED
>> Command successful.
>> ```
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20170501/63038321/attachment.html>


More information about the dm-crypt mailing list