> To decrypt a partition using aespipe, you need to use exact same command
> pipe you used to encrypt it, except that a '-d' decrypt option must be added
> to aespipe parameters.
I encrypted the 55GB-hda3 wird the command from your README.txt, exact
means, that I remembered, after the first try, weeks ago, that the "\" is not to be
typed when written in one long, single row.
I mean the loop-AES-README.txt not the aespipe-Readme.txt.
I hoped that it was/it should have been:
dd if=/dev/hda3 bs=64k | /mnt/aespipe -e AES256 -K /mnt/rootkey -gpg -G / | dd of=/dev/hda3 bs=64k conv=notrunc
> > testsystem edited build-initrd.sh, edited, but wrong loop for /, as I see now:
> Looks ok to me. (root loop index == 5)
Yes, it's than O.K. if the editor forgot to type in menu.lst what he forgot to
edit into build-initrd.sh and that was the case with me.....
> > testsystem-/etc/fstab, residing on crypted hda3:
> >
> > # <file system> <mount point> <type> <options> <dump> <pass>
> >
> > proc /proc proc defaults 0 0
> > /dev/hda3 / ext2 defaults,errors=remount-ro 0 1
> ^^^^^^^^^
> /dev/loop5
>
> > /dev/hda1 /boot ext2 defaults 0 2
> > /dev/hda2 none swap sw 0 0
> > /dev/hdc /media/cdrom0 udf,iso9660 user,noauto 0 0
> > usbdevfs /proc/bus/usb usbdevfs devmode=0666 0 0
> > /dev/sda /usbdev ext2 user,noauto 0 0
Yes, I understand.
> > testsystem-/boot/grub/menu.lst, residing in unencrypted hda1:
> [snip]
> > titel Debian, USEPIVOT=1, 2.6.15
> > root (hd0,0)
> > kernel /vmlinuz root=100 init=/linuxrc rootfstype=minix
> > initrd /initrd.gz
> Try fixing that menu.lst typo.
Where + what, I dont' see the mistake now + yet, but mave have learned and used
it before you can mail.
> using encryption=AES128. If AES128 mount works, then you existing initrd.gz
> won't work because in build-initrd.sh config key length is specified as
> AES256.
Before I shredder it all, I try 128.......
> What was the exact sequence of commands that you used to encrypt your
> partition. If you can remember it correctly, every character, even typos,
> then I may be able to help you to undo the damage. But if you can't remember
> it exactly, then your file system may be lost.
See above (dd if.......................notrunc).
FAZIT:
Even me, the perfectionist, made massive mistakes due to unpredictable things
happening in everyday life.....me trying to concentrate while old dog barks
for help.
I allways had good impressions from loop-AES and so I give it another try.
Maybe I am stripping down the test-hd from 55 to 5 GB and 256 to 128 for
speeds-sake but I will give feedback.
And if I really make it, this should be frozen for other debian-users.
Regards, Reverend
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
