It is relatively obvious that it asks for an existing passphrase
if you think about it. After all, if you could just add a new one,
that would be a way to break the encryption.

Arno

On Fri, Sep 03, 2010 at 11:36:55AM -0400, PsiStormYamato wrote:
> Ok, I see what the problem is. Thanks.
>
> I think it would be good if the terminal response messages were a
> little more clear on exactly what's going on.
>
> #1
> Apparently, using the option --key-file after specifying the device
> makes cryptsetup think that "--key-file" is the name of the file, which
> causes the error "No key available with this passphrase." I think it
> would be good to make an exception for that.
>
> root@shadowtek-lucid:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 --key-file /etc/cryptkeys/swap.key
> No key available with this passphrase.
>
> #2
> When I tried it without the --key-file option, it appeared to me that
> the keyfile was again not being read correctly, and that I was being
> asked to manually enter a new passphrase.
>
> root@shadowtek-lucid:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 /etc/cryptkeys/swap.key
> Enter any passphrase:
> No key available with this passphrase.
>
> #3
> When I tried to enter a new password manually, I was greeted with the
> same error, so I was under the impression that I was running into the
> same problem as before.
>
> root@shadowtek-lucid:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5
> Enter any passphrase:
> No key available with this passphrase.
>
> After trying #2 again, this time entering an existing passphrase, it
> worked. Thanks.
>
>
> On Fri, 2010-09-03 at 09:30 +0200, Arno Wagner wrote:
>
> > I think you are using the wrong passphrase. You have to give
> > the passphrase of an existing used key-slot to add a new
> > one. Otherwise there would be a rather obvious attack ...
> >
> > It should ask you for the passphrase for the new slot after that.
> >
> > Arno
> >
> > On Fri, Sep 03, 2010 at 12:24:46AM -0400, PsiStormYamato wrote:
> > > I'm trying to add a keyfile that I created to a new keyslot for my
> > > encrypted swap partition, but I keep getting the error "No key
> > > available with this passphrase". I've never done this before, so I
> > > might be missing something simple, but I can't get it to work by
> > > manually entering a passphrase either.
> > >
> > > Is there something else that has to be done to "enable" a keyslot
> > > before a key can be added to it? That's the only other thing that I can
> > > think of.
> > >
> > >
> > > # Tried with keyfile.
> > > root@ubuntu:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 -d /media/Ubuntu_10_04/etc/cryptkeys/swap.key
> > >
> > > No key available with this passphrase.
> > >
> > >
> > > # Tried with manual passphrase.
> > >
> > > root@subuntu:/etc/cryptkeys# cryptsetup luksAddKey --key-slot 1 /dev/sda5
> > >
> > > Enter any passphrase:
> > > No key available with this passphrase.
> > >
> > >
> > > # luksDump
> > > root@ubuntu:/etc/cryptkeys# cryptsetup luksDump /dev/sda5
> > > LUKS header information for /dev/sda5
> > >
> > > Version:        1
> > > Cipher name:    aes
> > > Cipher mode:    cbc-essiv:sha256
> > > Hash spec:      sha1
> > > Payload offset: 2056
> > > MK bits:        256
> > > MK digest:      25 a3 74 7e 25 fd a4 a6 18 b7 a7 63 da 95 68 26 6c da 55 4c
> > > MK salt:        df 87 4a c3 0d 93 5a a9 3a 49 71 33 d4 4a ba bc
> > >                 ca b7 ef d6 cd 89 41 16 6c eb 61 5d 2a 73 2b a5
> > > MK iterations:  10
> > > UUID:           bb827496-8fe5-4c55-9b76-1373d850c548
> > >
> > > Key Slot 0: ENABLED
> > >     Iterations:          173012
> > >     Salt:                74 03 b2 a6 3c 36 95 28 bb 7f 1b e3 fc ec 84 14
> > >                          6f ee 17 fc 63 7a 33 53 60 5e 43 9f 8a dd 1a 18
> > >     Key material offset: 8
> > >     AF stripes:          4000
> > > Key Slot 1: DISABLED
> > > Key Slot 2: DISABLED
> > > Key Slot 3: DISABLED
> > > Key Slot 4: DISABLED
> > > Key Slot 5: DISABLED
> > > Key Slot 6: DISABLED
> > > Key Slot 7: DISABLED
> > >
> > >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt@xxxxxxxx
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
>

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
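
An added illustration, not part of the original thread and not cryptsetup's code: a toy Python model of a LUKS1-style header showing why luksAddKey has to unlock an enabled key slot before it can fill a new one. The `Header` class, its method names, the XOR stand-in for AES with anti-forensic splitting, and the reduced slot iteration count are assumptions; the hash, master-key size and MK iterations follow the luksDump quoted in the thread.

```python
import hashlib
import hmac
import os

HASH = "sha1"      # "Hash spec: sha1" in the quoted luksDump
MK_BYTES = 32      # "MK bits: 256"
MK_ITER = 10       # "MK iterations: 10"
SLOT_ITER = 2000   # constructed value; the real slot 0 shows 173012

def _kdf(secret, salt, iterations, length):
    return hashlib.pbkdf2_hmac(HASH, secret, salt, iterations, length)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Header:
    """Toy LUKS1-style header: a master-key digest plus eight key slots."""

    def __init__(self, first_passphrase):
        mk = os.urandom(MK_BYTES)          # the master key is never stored
        self.mk_salt = os.urandom(32)
        self.mk_digest = _kdf(mk, self.mk_salt, MK_ITER, 20)
        self.slots = [None] * 8            # None models "DISABLED"
        self._fill(0, mk, first_passphrase)

    def _fill(self, index, mk, passphrase):
        salt = os.urandom(32)
        # Assumption: XOR with the derived key replaces AES + AF split.
        wrapped = _xor(mk, _kdf(passphrase, salt, SLOT_ITER, MK_BYTES))
        self.slots[index] = (salt, wrapped)

    def unlock(self, passphrase):
        """Try every enabled slot; return the master key or None."""
        for slot in self.slots:
            if slot is None:
                continue
            salt, wrapped = slot
            candidate = _xor(wrapped, _kdf(passphrase, salt, SLOT_ITER, MK_BYTES))
            digest = _kdf(candidate, self.mk_salt, MK_ITER, 20)
            if hmac.compare_digest(digest, self.mk_digest):
                return candidate
        return None

    def add_key(self, index, existing, new):
        """Wrap the master key for `new`; `existing` must open a used slot."""
        mk = self.unlock(existing)
        if mk is None:
            raise PermissionError("No key available with this passphrase.")
        if self.slots[index] is not None:
            raise ValueError("key slot %d is already enabled" % index)
        self._fill(index, mk, new)
```

A keyfile is just bytes passed where a passphrase would go, so offering the new keyfile as the existing secret fails in the same way as typing an unknown passphrase.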