Peter Klotz <peter.klotz@...> writes:

> Here is my scenario (using cryptsetup 1.0.6 in Ubuntu 9.04):
>
> luksAddKey allows adding the same key (e.g. "abc") twice in different slots.
>
> luksDump output:
>
> ...
> Key Slot 0: ENABLED
> ...
> Key Slot 1: ENABLED
> ...
>
> luksRemoveKey: Fails since all passphrases are equal
>
> root@asus:~# cryptsetup luksRemoveKey /dev/sdb1
> Enter LUKS passphrase to be deleted:
> key slot 0 selected for deletion.
> Enter any remaining LUKS passphrase:
> No remaining key available with this passphrase.
> Command failed.
>
> luksKillSlot: Allows me to purge a specific slot
>
> root@asus:~# cryptsetup luksKillSlot /dev/sdb1 1
> Enter any remaining LUKS passphrase:
> key slot 1 verified.
> Command successful.
>
> Is this the desired behavior of luksRemoveKey in case of duplicate keys?
>

This issue was fixed with r41 in the maintainer's code at http://code.google.com/p/cryptsetup/. Not sure if those changes have made it into the Ubuntu version yet or not though.

What was happening was the code was using the second passphrase to verify any key-slot and then afterward checking to see if that key-slot was the same key-slot as originally entered to remove - if it was, it would pop out an error, specifically the one you show above.

The changes basically disabled the key-slot you want to remove before doing the passphrase verification so that key-slot won't be used for verification, and then afterward re-enabling it before deleting it, pending a proper verification of course.

-Bill Hulbert

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
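The two luksRemoveKey flows described in the reply above, as a toy model added here for illustration; this is not cryptsetup's code. The names (`struct slot`, `open_any`, `remove_key_old`, `remove_key_new`, `run`) are hypothetical, and a plain passphrase comparison stands in for unlocking a key slot.

```c
#include <stdio.h>
#include <string.h>
#define SLOTS 8

/* Toy model (assumption): a slot opens when its stored passphrase matches.
 * Real LUKS slots hold a wrapped copy of the master key, not the passphrase. */
struct slot { int enabled; const char *pass; };

/* Index of the first enabled slot that `pass` opens, or -1. */
static int open_any(const struct slot *s, const char *pass) {
    for (int i = 0; i < SLOTS; i++)
        if (s[i].enabled && strcmp(s[i].pass, pass) == 0)
            return i;
    return -1;
}

/* Before the fix: verify against any slot, then fail if the slot that
 * verified is the one selected for removal. */
static int remove_key_old(struct slot *s, const char *del, const char *rem) {
    int target = open_any(s, del), verifier = open_any(s, rem);
    if (target < 0 || verifier < 0 || verifier == target)
        return -1;               /* "No remaining key available ..." */
    s[target].enabled = 0;
    return target;
}

/* After the fix: hide the target slot while verifying, re-enable it, and
 * delete it only if some other slot accepted the second passphrase. */
static int remove_key_new(struct slot *s, const char *del, const char *rem) {
    int target = open_any(s, del);
    if (target < 0) return -1;
    s[target].enabled = 0;
    int verifier = open_any(s, rem);
    s[target].enabled = 1;
    if (verifier < 0) return -1; /* no other slot accepts it: refuse */
    s[target].enabled = 0;
    return target;
}

/* Constructed scenario: n slots all set to "abc"; returns removed slot or -1. */
int run(int fixed, int n) {
    struct slot s[SLOTS] = {{0, NULL}};
    for (int i = 0; i < n; i++) { s[i].enabled = 1; s[i].pass = "abc"; }
    return (fixed ? remove_key_new : remove_key_old)(s, "abc", "abc");
}

int main(void) {
    printf("old=%d new=%d last=%d\n", run(0, 2), run(1, 2), run(1, 1));
}
```

With two duplicate slots the old flow refuses and the new flow removes slot 0; with a single slot the new flow still refuses, so the last usable key cannot be deleted this way.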