I think it would be good if the terminal response messages were a
little more clear on exactly what's going on.
#1
Apparently, using the option --key-file after specifying the device
makes cryptsetup think that "--key-file" is the name of the file, which
causes the error "No key available with this passphrase." I think it
would be good to make an exception for that.
root@shadowtek-lucid:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 --key-file /etc/cryptkeys/swap.key
No key available with this passphrase.
#2
When I tried it without the --key-file option, it appeared to me that
the keyfile was again not being read correctly, and that I was being asked to
manually enter a new passphrase.
root@shadowtek-lucid:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 /etc/cryptkeys/swap.key
Enter any passphrase:
No key available with this passphrase.
# 3
When I tried to enter a new password manually, I was greeted with the
same error, so I was under the impression that I was running into the
same problem as before.
root@shadowtek-lucid:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5
Enter any passphrase:
No key available with this passphrase.
After trying #2 again, this time entering an existing passphrase, it worked. Thanks.
On Fri, 2010-09-03 at 09:30 +0200, Arno Wagner wrote:
I think you are using the wrong passphrase. You have to give the passphrase of an existing used key-slot to add a new one. Otherwise there would be a rather obvious attack ... It should ask you for the passphrase for the new slot after that. Arno On Fri, Sep 03, 2010 at 12:24:46AM -0400, PsiStormYamato wrote: > I'm trying to add a keyfile that I created to a new keyslot for my > encrypted swap partition, but I keep getting the error "No key > available with this passphrase". I've never done this before, so I > might be missing something simple, but I can't get it to work by > manually entering a passphase either. > > Is there something else that has to be done to "enable" a keyslot > before a key can be added to it? That's the only other thing that I can > think of. > > > # Tried with keyfile. > root@ubuntu:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 > -d /media/Ubuntu_10_04/etc/cryptkeys/swap.key > > No key available with this passphrase. > > > # Tried with manual passphrase. > > root@subuntu:/etc/cryptkeys# cryptsetup luksAddKey --key-slot > 1 /dev/sda5 > > Enter any passphrase: > No key available with this passphrase. > > > # luksDump > root@ubuntu:/etc/cryptkeys# cryptsetup luksDump /dev/sda5 > LUKS header information for /dev/sda5 > > Version: 1 > Cipher name: aes > Cipher mode: cbc-essiv:sha256 > Hash spec: sha1 > Payload offset: 2056 > MK bits: 256 > MK digest: 25 a3 74 7e 25 fd a4 a6 18 b7 a7 63 da 95 68 26 6c da 55 4c > MK salt: df 87 4a c3 0d 93 5a a9 3a 49 71 33 d4 4a ba bc > ca b7 ef d6 cd 89 41 16 6c eb 61 5d 2a 73 2b a5 > MK iterations: 10 > UUID: bb827496-8fe5-4c55-9b76-1373d850c548 > > Key Slot 0: ENABLED > Iterations: 173012 > Salt: 74 03 b2 a6 3c 36 95 28 bb 7f 1b e3 fc ec 84 14 > 6f ee 17 fc 63 7a 33 53 60 5e 43 9f 8a dd 1a 18 > Key material offset: 8 > AF stripes: 4000 > Key Slot 1: DISABLED > Key Slot 2: DISABLED > Key Slot 3: DISABLED > Key Slot 4: DISABLED > Key Slot 5: DISABLED > Key Slot 6: DISABLED > Key Slot 7: DISABLED > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
