[clug] Can't mount an encrupted backup file system

David Schoen dave at lyte.id.au
Sun Jun 3 15:41:20 MDT 2012 

On 02/06/12 15:39, jhock wrote:
> Hi Peter,
>
> Thanks for the prompt reply.  On my old eeePC the command sudo
> cryptsetup
> status /dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000
>
> gives the output:
>
>
> /dev/mapper//dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000 is active:
>   cipher:  aes-cbc-essiv:sha256
>   keysize: 128 bits
>   device:  /dev/sdb1
>   offset:  1032 sectors
>   size:    1953518970 sectors
>   mode:    read/write
>
> I don't know how to get the details of the backup device when it won't
> mount.
>

I get largely identical output output on a working backup drive that
I've been using since before Ubuntu 10.04 and is still working under 12.04:
# cryptsetup status /dev/mapper/backup-2570af82-8c38-42b3-82aa-e8c1e30f1f73
/dev/mapper/backup-2570af82-8c38-42b3-82aa-e8c1e30f1f73 is active and is
in use.
  type:    LUKS1
  cipher:  aes-cbc-essiv:sha256
  keysize: 128 bits
  device:  /dev/sdc1
  offset:  1032 sectors
  size:    1953518970 sectors
  mode:    read/write

The error you're getting is the same error as if the passphrase was wrong.

One thing worth a stab assuming you can still mount it on the old eeePC
would be to create a key file (something with ~4kb of random noise) on
the old eeePC and add that as another key for the device:
# cryptsetup luksAddKey <device> <key file>
and then try the drive on the new eeePC with the key file:
# cryptsetup luksOpen --key-file <key file> <device> <label>

IIRC you can have as many as 4 key files or passphrases. These are not
used to encrypt the drive directly, but simply to encrypt the key that
the drive is encrypted with - in other words adding and removing a key
doesn't require reencrypting the whole drive, it's quite a fast operation.

Depending on your use case you may want to be very careful to ensure the
key file can't open the drive once you have it working again - but in my
case I'm only worried about stolen drives in transit so I use key files
simply to save typing in passphrases each time I reboot the server.


Cheers,
Dave


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/linux/attachments/20120604/7a7ed55c/attachment.pgp>

More information about the linux mailing list