hello list,

apologies for abusing linux-crypto with loop-aes-only-related problems, but it's my crypto-solution of choice ;-)

now that multi-key-v3 is the preferred key-mode with loop-aes, i wanted to "switch" from multi-key-v2 to multi-key-v3 using a linux-2.6 kernel. reading http://www.spinics.net/lists/crypto/msg02814.html made me use aespipe but i felt like making some changes to the syntax, because i had no single-key setup and no "seed.txt".

what i did was:

$ dd if=test.img bs=64k | aespipe -d -e aes128 -K ~/keys/sda8.gpg \
  | aespipe -e aes128 -K ~/keys/sda8-v3.gpg -w120 \
  | dd of=test.img bs=64k conv=notrunc
$ losetup -e aes128 -K ~/keys/sda8-v3.gpg /dev/loop0 test.img

but after this, i could not mount test.img (loop0) anymore - all data seems to be gone (luckily i really did this on the test.img first, not with real, valuable data). (full log see below)

i wonder

- how i misused aespipe
- if this is the way to go, to change the cipher/passphrase/keyfile without reformatting the fs (i assume the answer is "yes")
- how to figure out the right time to wait (aespipe -w) on large filesystems without testing first

thank you for your ideas. i could imagine this is somehow a FAQ and adding the (right) answers to loop-AES.README (Example 7) would be fine. maybe we'll have multi-key-v4 anytime soon and people have to switch again.

Christian.

---------- some cmd snippets ----------

root@sheep:~# losetup -e aes128 -K ~/keys/sda8.gpg /dev/loop0 test.img
root@sheep:~# losetup -a
/dev/loop0: [0805]:16819615 (test.img) encryption=AES128 multi-key-v3
root@sheep:~# mount -t ext2 /dev/loop0 /mnt/cdrom/
[success]
root@sheep:~# umount /mnt/cdrom/
root@sheep:~# losetup -d /dev/loop0
root@sheep:~#
root@sheep:~# dd if=test.img bs=64k | aespipe -d -e aes128 -K \
~/keys/sda8.gpg | aespipe -e aes128 -K ~/keys/sda8-v3.gpg\
-w120 | dd of=test.img bs=64k conv=notrunc
Password: Password:
800+0 records in
800+0 records out
52428800 bytes transferred in 134.029051 seconds (391175 bytes/sec)
111+5214 records in
111+5214 records out
52428800 bytes transferred in 134.027787 seconds (391179 bytes/sec)
root@sheep:~# ls -lah test.img
-rw-r--r-- 1 root root 50M Jan 16 03:14 test.img
[size as before]
root@sheep:~# losetup -e aes128 -K ~/keys/sda8-v3.gpg /dev/loop0 test.img
Password:
root@sheep:~# mount -t ext2 /dev/loop0 /mnt/cdrom/
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
       missing codepage or other error
       In some cases useful info is found in syslog - try
       dmesg | tail or so

[ NOTE: sda8-v3.key was generated as in Ex.2 in loop-AES.README, sda8.key was generated following the loop-AES.README that came with loop-aes-v2.x once. ]

--
BOFH excuse #82:

Yeah, yo mama dresses you funny and you need a mouse to delete files.

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
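
An added example, not part of the original post and not loop-AES code: one way to re-key an image into a copy and confirm that old and new images decrypt to the same plaintext before the copy replaces the original. The variables OLD_KEY, NEW_KEY, WAIT and all function names are hypothetical; the aespipe options are only those shown in the post.

```shell
#!/bin/sh
# Added example: re-key into a copy, then compare plaintext hashes.
# OLD_KEY, NEW_KEY, WAIT and the function names are assumptions for illustration.
OLD_KEY=${OLD_KEY:-$HOME/keys/sda8.gpg}
NEW_KEY=${NEW_KEY:-$HOME/keys/sda8-v3.gpg}
WAIT=${WAIT:-120}

# The three aespipe invocations, using only options that appear in the post.
dec_old() { aespipe -d -e aes128 -K "$OLD_KEY"; }
enc_new() { aespipe -e aes128 -K "$NEW_KEY" -w "$WAIT"; }
dec_new() { aespipe -d -e aes128 -K "$NEW_KEY"; }

# Print the SHA-256 of image $1 piped through decrypt function $2.
# Fails if the decryptor fails, so two empty outputs never count as a match.
plain_hash() {
    ok=$(mktemp) || return 1
    { "$2" < "$1" && echo ok > "$ok"; } | sha256sum | cut -d' ' -f1
    rc=0
    [ -s "$ok" ] || rc=1
    rm -f "$ok"
    return "$rc"
}

# Succeed only if both images have the same size and identical plaintext.
same_plaintext() {  # same_plaintext OLD_IMG NEW_IMG
    [ "$(wc -c < "$1")" -eq "$(wc -c < "$2")" ] || return 1
    old_sum=$(plain_hash "$1" dec_old) || return 1
    new_sum=$(plain_hash "$2" dec_new) || return 1
    [ "$old_sum" = "$new_sum" ]
}

# Re-key SRC into a new file DST; SRC is only ever read.
rekey_checked() {  # rekey_checked SRC DST
    [ ! -e "$2" ] || { echo "refusing to overwrite $2" >&2; return 1; }
    dec_old < "$1" | enc_new > "$2" || return 1
    same_plaintext "$1" "$2"
}

# Usage: sh rekey.sh test.img test-v3.img
if [ "$#" -eq 2 ]; then rekey_checked "$1" "$2"; fi
```

Only after rekey_checked succeeds would the copy be attached with losetup and mounted as a final check; the original image stays untouched throughout.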