[clug] Can't mount an encrupted backup file system
David Schoen
dave at lyte.id.au
Sun Jun 3 15:41:20 MDT 2012
On 02/06/12 15:39, jhock wrote:
> Hi Peter,
>
> Thanks for the prompt reply. On my old eeePC the command sudo
> cryptsetup
> status /dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000
>
> gives the output:
>
>
> /dev/mapper//dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000 is active:
> cipher: aes-cbc-essiv:sha256
> keysize: 128 bits
> device: /dev/sdb1
> offset: 1032 sectors
> size: 1953518970 sectors
> mode: read/write
>
> I don't know how to get the details of the backup device when it won't
> mount.
>
I get largely identical output output on a working backup drive that
I've been using since before Ubuntu 10.04 and is still working under 12.04:
# cryptsetup status /dev/mapper/backup-2570af82-8c38-42b3-82aa-e8c1e30f1f73
/dev/mapper/backup-2570af82-8c38-42b3-82aa-e8c1e30f1f73 is active and is
in use.
type: LUKS1
cipher: aes-cbc-essiv:sha256
keysize: 128 bits
device: /dev/sdc1
offset: 1032 sectors
size: 1953518970 sectors
mode: read/write
The error you're getting is the same error as if the passphrase was wrong.
One thing worth a stab assuming you can still mount it on the old eeePC
would be to create a key file (something with ~4kb of random noise) on
the old eeePC and add that as another key for the device:
# cryptsetup luksAddKey <device> <key file>
and then try the drive on the new eeePC with the key file:
# cryptsetup luksOpen --key-file <key file> <device> <label>
IIRC you can have as many as 4 key files or passphrases. These are not
used to encrypt the drive directly, but simply to encrypt the key that
the drive is encrypted with - in other words adding and removing a key
doesn't require reencrypting the whole drive, it's quite a fast operation.
Depending on your use case you may want to be very careful to ensure the
key file can't open the drive once you have it working again - but in my
case I'm only worried about stolen drives in transit so I use key files
simply to save typing in passphrases each time I reboot the server.
Cheers,
Dave
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/linux/attachments/20120604/7a7ed55c/attachment.pgp>
More information about the linux
mailing list