reverend@xxxxxxxxxxxxx wrote:
> I tried to save/access the crypted hda3; had I better used aespipe ?
> Which sequence should be used, that's the big question ?

To decrypt a partition using aespipe, you need to use the exact same command
pipe you used to encrypt it, except that a '-d' decrypt option must be added
to aespipe parameters.

> > The root loop-device index in build-initrd.sh configuration *must* match
> > the one used in /etc/fstab .
>
> That is clear. I was sure to have edited it to loop0, but seeing it now, it really is 5.
> First, deadly mistake made by me !

Even if /etc/fstab root device is wrong, the computer may still boot, but init
scripts may become seriously confused and puke horrible error messages at you
when init scripts can't find the devices they are supposed to check and
possibly fsck at boot.

> testsystem edited build-initrd.sh, edited, but wrong loop for /, as I see now:

Looks ok to me. (root loop index == 5)

> testsystem-/etc/fstab, residing on crypted hda3:
>
> # <file system> <mount point> <type> <options> <dump> <pass>
>
> proc /proc proc defaults 0 0
> /dev/hda3 / ext2 defaults,errors=remount-ro 0 1
  ^^^^^^^^^
  /dev/loop5
> /dev/hda1 /boot ext2 defaults 0 2
> /dev/hda2 none swap sw 0 0
> /dev/hdc /media/cdrom0 udf,iso9660 user,noauto 0 0
> usbdevfs /proc/bus/usb usbdevfs devmode=0666 0 0
> /dev/sda /usbdev ext2 user,noauto 0 0

[snip]

> testsystem-/boot/grub/menu.lst, residing on unencrypted hda1:

[snip]

> titel Debian, USEPIVOT=1, 2.6.15
  ^^^^^
  title
> root (hd0,0)
> kernel /vmlinuz root=100 init=/linuxrc rootfstype=minix
> initrd /initrd.gz

[snip]

> Note, that I did not see the lower kernel on screen, I only saw the upper
> kernel, unable for crypto and, therefore had nothing to choose from.

Try fixing that menu.lst typo.

> 1.) boot: knoppix 2
>
> 2.) mkdir /mnt1
>     mount -r -t ext2 /dev/hda1 /mnt1
>
> 3.) cat /mnt1/rootkey.gpg (it's really there + readable)
>
> 4.) mkdir /mnt2
>     mount -t ext2 /dev/hda3 /mnt2 -o loop=/dev/loop0,encryption=AES256,gpgkey=/mnt1/rootkey.gpg
>
> PW:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> message under x: wrong fs type .....the usual crap.................

If above mount doesn't work, then it may well be that your filesystem is
messed up quite badly. loop-AES' README example uses AES128. You could try
using encryption=AES128. If AES128 mount works, then your existing initrd.gz
won't work because in build-initrd.sh config key length is specified as
AES256.

What was the exact sequence of commands that you used to encrypt your
partition? If you can remember it correctly, every character, even typos, then
I may be able to help you to undo the damage. But if you can't remember it
exactly, then your file system may be lost.

--
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB  D3 3F 52 E9  DB 1D EB E3  24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
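
The following is an added example, not part of the original message or of loop-AES: a shell check that the root entry of /etc/fstab is the loop device selected in the build-initrd.sh configuration, which is the mismatch discussed in the message above. The config variable names ROOTLOOPINDEX and CRYPTROOT are assumptions to verify against your copy of build-initrd.sh, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread). Sample files are constructed.
# Assumed config variable names: ROOTLOOPINDEX, CRYPTROOT.

# Print the value of KEY from a shell-style KEY=value config file.
cfg_value() {
    awk -F= -v k="$2" '$1 == k { v = $2; sub(/[ \t#].*/, "", v);
        gsub(/"/, "", v); print v; exit }' "$1"
}

# Print the device that the fstab mounts on "/".
fstab_root_dev() {
    awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$1"
}

# Return 0 if the fstab root device is /dev/loop<ROOTLOOPINDEX>, else 1.
check_root_loop() {
    idx=$(cfg_value "$1" ROOTLOOPINDEX)
    raw=$(cfg_value "$1" CRYPTROOT)
    dev=$(fstab_root_dev "$2")
    if [ "$dev" = "/dev/loop$idx" ]; then
        echo "OK: fstab root is $dev"
        return 0
    elif [ "$dev" = "$raw" ]; then
        echo "MISMATCH: fstab root is the raw partition $dev, expected /dev/loop$idx"
    else
        echo "MISMATCH: fstab root is $dev, expected /dev/loop$idx"
    fi
    return 1
}

# Constructed sample inputs mirroring the values quoted in the thread.
write_samples() {
    printf 'USEPIVOT=1\nCRYPTROOT=/dev/hda3\nROOTLOOPINDEX=5\n' > "$1/initrd.conf"
    printf '# <file system> <mount point> <type> <options> <dump> <pass>\n/dev/hda3 / ext2 defaults,errors=remount-ro 0 1\n/dev/hda1 /boot ext2 defaults 0 2\n' > "$1/fstab.bad"
    sed 's|^/dev/hda3 |/dev/loop5 |' "$1/fstab.bad" > "$1/fstab.good"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_root_loop "$tmp/initrd.conf" "$tmp/fstab.bad" || true
check_root_loop "$tmp/initrd.conf" "$tmp/fstab.good"
rm -rf "$tmp"
```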