Re: SuSE 10.2 and LOADNATIONALKEYB=1


 



Peter_22@xxxxxx wrote:
> > Can you now decrypt the rootkey.gpg key file in both openSuSE text
> > console and in X windows? Or is it decryptable in knoppix and
> > encrypted-root-initrd only?
> 
> Bad news! I checked it right now as you asked. The result is:
> rootkey was made in Knoppix 5.01 DVD
> default.kmap was taken from same Knoppix
> build-initrd.sh was run in SuSE 10.2 on AMD64 _without_ UTF8KEYBMODE=1
> losetup, loop.ko, gpg and such were taken from same SuSE
> encryption/decryption in Knoppix works fine
> booting from MicroSD works fine, too
> issuing losetup -e aes256 -K /<path>/rootkey /dev/loopX /dev/sdaX in SuSE 10.2 FAILS!!!

So Knoppix and SUSE use different default character encodings. Old version
of Knoppix CD that I have seems to default to ASCII mode. Maybe newer
Knoppix versions do the same. SUSE seems to default to UTF-8 mode.

You can set your text console keyboard to ASCII mode using "kbd_mode -a"
command and to UTF-8 mode using "kbd_mode -u" command. Issuing either of
those commands before you run gpg, losetup or something that requires a
passphrase, should fix it. For text console, that is. For X windows, those
commands may screw your keyboard setting really badly (haven't tested).

You don't need to run losetup to test if you can decrypt a key file. Just
run "gpg --decrypt <rootkey.gpg". If that works, then losetup works too.

> Yes, SuSE messed it up once again.

Different defaults, not necessarily messed up.

> Console (Alt+F1) says:
> The keyboard is in Unicode (UTF-8) mode

And in Knoppix it says "ASCII", which uses different encoding scheme for all
those öäåÖÄÅ or whatever characters.

> None decrypts the key! Might I load the default.kmap manually?

In text console, run "kbd_mode -a", and try again.

Remember this from earlier in this thread?

$ read x ; echo -n ${x} | od -Ax -tx1 -
123
000000 31 32 33
000003
$ read x ; echo -n ${x} | od -Ax -tx1 -
öäåÖÄÅµß
000000 f6 e4 e5 d6 c4 c5 b5 df
000008

Those hex numbers represent characters that you type. Whatever encoding is
used to represent characters, same encoding must be used when you encrypt
something using gpg, and when you attempt to decrypt an encrypted file.
Those hex bytes are used to derive symmetric encryption key, or in case of
public key crypto, they are used to derive a key to decrypt your private
keyring data. If hex representation of characters in your passphrase is
different, then it is guaranteed to fail.

That UTF8KEYBMODE=1 in build-initrd.sh config puts keyboard to UTF-8 mode
before passphrase is typed to losetup program. So, previously an initrd
created by build-initrd.sh only worked in ASCII keyboard mode, but now
build-initrd.sh lets you configure it either way. UTF8KEYBMODE=0 means ASCII
keyboard mode. UTF8KEYBMODE=1 means UTF-8 keyboard mode.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
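
Added example, not part of the original message and not code from loop-AES or gpg: it shows the bytes the same typed passphrase produces in each keyboard mode, and classifies an od hex dump as 8-bit or UTF-8. Assumptions: the 8-bit ("ASCII" mode) keymap is ISO-8859-1, which matches the hex dump in the message, and SHA-256 stands in for the real passphrase-to-key step; the function names are hypothetical.

```python
import hashlib

# Constructed sample: the passphrase from the od session in the message,
# written with escapes so the encoding of this file does not matter.
PASSPHRASE = "\u00f6\u00e4\u00e5\u00d6\u00c4\u00c5\u00b5\u00df"


def typed_bytes(passphrase, utf8_mode):
    """Bytes a program reads for the passphrase in each keyboard mode.

    Assumption: the 8-bit keymap is ISO-8859-1.
    """
    return passphrase.encode("utf-8" if utf8_mode else "iso-8859-1")


def od_hex(data):
    """Format bytes the way 'od -tx1' prints them (without the offsets)."""
    return " ".join(f"{b:02x}" for b in data)


def guess_mode(hex_dump):
    """Classify an od hex dump of a typed passphrase."""
    data = bytes.fromhex(hex_dump)
    if all(b < 0x80 for b in data):
        return "either"      # pure ASCII: identical bytes in both modes
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return "8-bit"       # not valid UTF-8, so typed in 8-bit mode
    return "utf-8"


def stand_in_key(data):
    """Stand-in for the passphrase-to-key step (not gpg's actual S2K)."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for utf8 in (False, True):
        raw = typed_bytes(PASSPHRASE, utf8)
        label = "kbd_mode -u" if utf8 else "kbd_mode -a"
        print(f"{label}: {od_hex(raw)}")
        print(f"  detected: {guess_mode(od_hex(raw))}")
        print(f"  stand-in key: {stand_in_key(raw)[:16]}...")
```

A passphrase made only of 7-bit ASCII characters gives the same bytes in both modes, which is why "123" in the od session is unaffected.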


