[dm-crypt] Troubleshooting: Header Conversion to argon2id

procmem procmem at riseup.net
Tue Sep 11 19:09:00 CEST 2018


Hi, I went ahead and tested the commands recommended by Milan for
converting headers to use the better pbkdf algo. Unfortunately I'm
running into an obscure error and wanted your advice on how to solve it.

Please see the output of the command with --debug


root at debian:/home/user# cryptsetup luksConvertKey --key-slot 1 --pbkdf
argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576
--pbkdf-parallel 4 /dev/vda1 --debug
# cryptsetup 2.0.4 processing "cryptsetup luksConvertKey --key-slot 1
--pbkdf argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576
--pbkdf-parallel 4 /dev/vda1 --debug"
# Running command luksConvertKey.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/vda1.
# Trying to open and read device /dev/vda1 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS2 crypt type from device /dev/vda1.
# Crypto backend (gcrypt 1.8.3) initialized in cryptsetup library
version 2.0.4.
# Detected kernel Linux 4.17.0-3-amd64 x86_64.
# Loading LUKS2 header (repair disabled).
# Opening lock resource file /run/cryptsetup/L_254:1
# Acquiring read lock for device /dev/vda1.
# Verifying read lock handle for device /dev/vda1.
# Device /dev/vda1 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x8000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x10000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x20000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x40000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x80000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x100000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x200000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# Trying to read secondary LUKS2 header at offset 0x400000.
# Opening locked device /dev/vda1
# Veryfing locked device handle (bdev)
# LUKS2 header read failed (-22).
# Device /dev/vda1 READ lock released.
# Releasing crypt device /dev/vda1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).



More information about the dm-crypt mailing list