On Tue, 2009-05-05 at 16:40 +0530, Sitaram Chamarty wrote: > On Tue, May 5, 2009 at 8:07 AM, Ross Boylan <ross@xxxxxxxxxxxxxxxx> wrote: > > > # cryptsetup --hash sha1 --cipher cbc-essiv:sha256 --key-size 256 > > luksFormat /dev/turtle/var2 > > # cryptsetup luksOpen /dev/turtle/var2 /dev/mapper/turtle-var2_crypt > > Enter LUKS passphrase: > > Command failed: No key available with this passphrase. > > > > I would have said your second argument should not have the /dev/mapper > prefix. What's weird is that in my case, if I try the same thing, I get: > > Enter LUKS passphrase: > key slot 0 unlocked. > Command failed: dm_task_set_name: Device /dev/mapper/turtle-var2_crypt not > found > > The error message is different. > > As I understood it, the <name> you use in luksOpen could be *anything*; it > doesn't have to have any relation or relevance to the luksDevice you're > opening. Whatever name you choose becomes the new device (with /dev/mapper/ > prefixed) for other operations like mount. Thank you for the tip. I corrected that, but still had problems. The ultimate cause was the wrong cipher spec in my luksFormat command. It should have been # cryptsetup --hash sha1 --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/turtle/var2 I left out the leading aes, which was reported on a separate line in luksDump. The correct open is # cryptsetup luksOpen /dev/turtle/var2 turtle-var2_crypt I omitted both sending and looking closely at the response to my original command. It was --------------------------------- # cryptsetup --hash sha1 --cipher cbc-essiv:sha256 --key-size 256 luksFormat /dev/turtle/var2 WARNING! ======== This will overwrite data on /dev/turtle/var2 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: Command failed: Failed to setup dm-crypt key mapping. Check kernel for support for the cbc-essiv:sha256 cipher spec and verify that /dev/turtle/var2 contain\ s at least 258 sectors ------------------------------------------ The last 3 lines are the clue. Out of curiosity, how does one find the legitimate values for the options (hash, cipher)? Some are listed on the man page, but it doesn't appear to be exhaustive. /proc/crypto has some info, but it's a bit hard to interpret* and probably just has loaded modules. For example, man cryptsetup says ripemd160 is the default hash, but it's not listed. * I'm guessing type: shash is for hashes, but there are several cipher types and I don't know which are OK for cryptsetup or how to go from the names in /proc/crypto to the names in --cipher. BTW, man says the correct cipher I picked is the default for LUKS, so I could have just omitted the --cipher option. Ross --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
