[dm-crypt] what happens when cryptsetup is given an incorrect passphrase?

Robert Lummis robert.lummis at gmail.com
Fri Jul 2 17:25:04 CEST 2010


I'm writing some Python and bash scripts that do cryptsetup luksOpen
and luksClose on a /dev/loop-mounted file. The user enters the
passphrase at the keyboard and the script passes it to cryptsetup.

When the user enters the wrong passphrase the file gets into a state
that I can't get out of except by rebooting. losetup thinks the device
is attached (losetup -f returns /dev/loop1) but I can't detach it
(losetup -d /dev/loop1 says 'the device is busy' or something like
that). /dev/mapper contains no names and "cryptsetup luksClose <name>"
says 'no such name' or something like that (<name> is the name on the
failed luksOpen).

Question 1) What is going on here and how can I avoid it or get out of
it? Rebooting is not a good answer. When the user gives the correct
passphrase everything works as expected.

Question 2) A related question: is there a way to verify the
passphrase without actually opening (or failing to open) the
partition? I would like to collect the passphrase from the user at the
beginning of the script but not use it until later, and be sure it
will work at that time.

Question 3) Are the exit codes from cryptsetup documented somewhere?
I've seen 0 and 255. Are there others?

I am currently using Ubuntu 10.04 with the pre-installed cryptsetup
and losetup. cryptsetup is 1.1.0-rc2. losetup doesn't give its
version number.

-- 
Robert Lummis

