[clug] Can't mount an encrupted backup file system
jhock
jhock at iinet.net.au
Sun Jun 10 01:25:39 MDT 2012
Hi David et al,
I have been busy with work so today is the first I have been able to get
back to this.
I grabbed an old 1GB memory stick and was able to on the old eeePC
(old):
# cryptsetup luksAddKey /dev/sdc <passphrase>
# cryptsetup luksOpen -d <passphrase> /dev/sdc /media/BA21-890E
If I then:
# cryptsetup status /media/BA21-890E/
I get :
/dev/mapper//media/BA21-890E/ is inactive.
I get the same on the new eeePC (new)
Sorry that I don't understand this much but does this mean that I can do
a similar thing on the encrypted 1TB drive and get it working on the new
compute?
IE. on the new computer
# cryptsetup
luksAddKey /dev/mapper//dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000 <passphrase>
# cryptsetup luksOpen -d
<passphrase> /dev/mapper//dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000 /media/backup /media/BA21-890E
Thanks for all your help.
John
On Mon, 2012-06-04 at 07:41 +1000, David Schoen wrote:
> On 02/06/12 15:39, jhock wrote:
> > Hi Peter,
> >
> > Thanks for the prompt reply. On my old eeePC the command sudo
> > cryptsetup
> > status /dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000
> >
> > gives the output:
> >
> >
> > /dev/mapper//dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000 is active:
> > cipher: aes-cbc-essiv:sha256
> > keysize: 128 bits
> > device: /dev/sdb1
> > offset: 1032 sectors
> > size: 1953518970 sectors
> > mode: read/write
> >
> > I don't know how to get the details of the backup device when it won't
> > mount.
> >
>
> I get largely identical output output on a working backup drive that
> I've been using since before Ubuntu 10.04 and is still working under 12.04:
> # cryptsetup status /dev/mapper/backup-2570af82-8c38-42b3-82aa-e8c1e30f1f73
> /dev/mapper/backup-2570af82-8c38-42b3-82aa-e8c1e30f1f73 is active and is
> in use.
> type: LUKS1
> cipher: aes-cbc-essiv:sha256
> keysize: 128 bits
> device: /dev/sdc1
> offset: 1032 sectors
> size: 1953518970 sectors
> mode: read/write
>
> The error you're getting is the same error as if the passphrase was wrong.
>
> One thing worth a stab assuming you can still mount it on the old eeePC
> would be to create a key file (something with ~4kb of random noise) on
> the old eeePC and add that as another key for the device:
> # cryptsetup luksAddKey <device> <key file>
> and then try the drive on the new eeePC with the key file:
> # cryptsetup luksOpen --key-file <key file> <device> <label>
>
> IIRC you can have as many as 4 key files or passphrases. These are not
> used to encrypt the drive directly, but simply to encrypt the key that
> the drive is encrypted with - in other words adding and removing a key
> doesn't require reencrypting the whole drive, it's quite a fast operation.
>
> Depending on your use case you may want to be very careful to ensure the
> key file can't open the drive once you have it working again - but in my
> case I'm only worried about stolen drives in transit so I use key files
> simply to save typing in passphrases each time I reboot the server.
>
>
> Cheers,
> Dave
>
>
More information about the linux
mailing list