You don't need to bother specifying --key-size=256 --cipher=twofish-cbc-essiv:sha256 for luksOpen, all that information is read from the LUKS header. You haven't managed to set your password to '' have you? On 9/14/07, Christoffer Dahl Petersen <duca@xxxxxxxxxx> wrote: > > Hi! > > I'm trying to protect one of my partitions with luks and a gpg protected > key: > [root@localhost ~]# gpg --quiet > --decrypt /mnt/fedorainitrd/rootfs-key.gpg |cryptsetup -v --key-size=256 > --key-file=- --cipher=twofish-cbc-essiv:sha256 luksFormat /dev/sda3 > Command successful. > > [root@localhost ~]# gpg --decrypt /mnt/fedorainitrd/rootfs-key.gpg | > cryptsetup -v --key-size=256 --cipher=twofish-cbc-essiv:sha256 > luksOpen /dev/sda3 root > gpg: TWOFISH encrypted data > gpg: encrypted with 1 passphrase > gpg: decryption failed: bad key > key slot 0 unlocked. > Command successful. > > [root@localhost ~]# ls /dev/mapper/ > control root > [root@localhost ~]# > > As you can see the luksFormat complete successfully (gpg asks for a > passphrase and I enter the right one). But when I'm trying to open the > newly created luks partition, it opens regardless if I enter the correct > or wrong passphrase. What am I missing? > > Some system info: > [root@localhost ~]# cat /etc/redhat-release > Fedora release 7 (Moonshine) > [root@localhost ~]# uname -a > Linux localhost.local 2.6.22.4-65.fc7 #1 SMP Tue Aug 21 22:36:56 EDT > 2007 i686 i686 i386 GNU/Linux > [root@localhost ~]# rpm -qa |grep luks > cryptsetup-luks-1.0.5-4.fc7.1 > cryptsetup-luks-devel-1.0.5-4.fc7.1 > [root@localhost ~]# > > Regards > > /Christoffer > > > > > > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > >
