[dm-crypt] what happens when cryptsetup is given an incorrect passphrase?

Robert Lummis robert.lummis at gmail.com
Fri Jul 2 20:31:58 CEST 2010


Update: I've been experimenting with losetup and cryptsetup luks...
commands interactively (not scripted) and they all seem to work or
else fail in an understandable way. So I must have left out something
essential in my original posting (quoted below). I'm sorry about that.

I'll post again when I can pin down what sequence of commands leads to
the confusing state. I did again see the state where "luksClose
secret" says "Device secret is not active" but "losetup -d /dev/loop0"
says the device is busy.  Unfortunately on that occasion I couldn't
trace back to the commands that had preceded it. Also, at that time I
didn't think to do "luksDump /dev/loop0".  Probably more later.

On Fri, Jul 2, 2010 at 11:25 AM, Robert Lummis <robert.lummis at gmail.com> wrote:
> I'm writing some Python and bash scripts that do cryptsetup luksOpen
> and luksClose on a /dev/loop-mounted file. The user enters the
> passphrase at the keyboard and the script passes it to cryptsetup.
>
> When the user enters the wrong passphrase the file gets into a state
> that I can't get out of except by rebooting. losetup thinks the device
> is attached (losetup -f returns /dev/loop1) but I can't detach it
> (losetup -d /dev/loop1 says 'the device is busy' or something like
> that). /dev/mapper contains no names and "cryptsetup luksClose <name>"
> says 'no such name' or something like that (<name> is the name on the
> failed luksOpen).
>
> Question 1) What is going on here and how can I avoid it or get out of
> it? Rebooting is not a good answer. When the user gives the correct
> passphrase everything works as expected.
>
> Question 2) A related question: is there a way to verify the
> passphrase without actually opening (or failing to open) the
> partition? I would like to collect the passphrase from the user at the
> beginning of the script but not use it until later, and be sure it
> will work at that time.
>
> Question 3) Are the exit codes from cryptsetup documented somewhere?
> I've seen 0 and 255. Are there others?
>
> I am currently using Ubuntu 10.04 with the pre-installed cryptsetup
> and losetup. cryptsetup is 1.1.0-rc2. losetup doesn't give its
> version number.
>
> --
> Robert Lummis
>



-- 
Robert Lummis

