[dm-crypt] luksAddKey successful but not working
arno at wagner.name
Wed May 22 16:33:45 CEST 2013
A look into the man-page of cryptsetup shows that luksAddKey does
not write the key-file, but reads it. I am surprised though that
cryptsetup does not complain that the file is missing. With my
system (cryptsetup 1.6.0) it does:
# cryptsetup luksAddKey /dev/loop0 keyfile
Enter any passphrase:
Failed to open key file. <---
Have you created "keyfile" before? If so, you just added the empty
passphrase to your device, something you probably do not want to do.
On Wed, May 22, 2013 at 08:50:22AM -0400, leam hall wrote:
> Help! I've nearly broken my desk banging my head against this problem. I am
> using Red Hat 5.9 base install and trying to set the LUKS volume to come
> on-line on boot.
> The volume can be manually mounted. However, when I try to create the key
> file it becomes a 0 length file and does not work when the system boots.
> cryptsetup luksAddKey /dev/sda2 keyfile
> Enter any LUKS passphrase:
> Verify passphrase:
> key slot 0 unlocked.
> Command successful.
> ls -lart keyfile
> -rw------- 1 root root 0 May 22 08:42 keyfile
> cat /etc/crypttab
> luks /dev/sda2 /root/keyfile luks
> This is probably operator error but I'm not sure where to look. Any help
> Mind on a Mission <http://leamhall.blogspot.com/>
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare
More information about the dm-crypt