[clug] Can't mount an encrypted backup file system

jhock jhock at iinet.net.au
Sun Jun 10 01:25:39 MDT 2012


Hi David et al,

I have been busy with work so today is the first I have been able to get
back to this.

I grabbed an old 1GB memory stick and, on the old eeePC (old), was able
to run:

# cryptsetup luksAddKey /dev/sdc <passphrase>
# cryptsetup luksOpen -d <passphrase> /dev/sdc /media/BA21-890E

If I then:
#  cryptsetup status /media/BA21-890E/

I get :
/dev/mapper//media/BA21-890E/ is inactive.

I get the same on the new eeePC (new)

Sorry that I don't understand this much but does this mean that I can do
a similar thing on the encrypted 1TB drive and get it working on the new
computer?

I.e. on the new computer

# cryptsetup luksAddKey /dev/mapper//dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000 <passphrase>
# cryptsetup luksOpen -d <passphrase> /dev/mapper//dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000 /media/backup /media/BA21-890E

Thanks for all your help.

John

On Mon, 2012-06-04 at 07:41 +1000, David Schoen wrote:
> On 02/06/12 15:39, jhock wrote:
> > Hi Peter,
> >
> > Thanks for the prompt reply.  On my old eeePC the command sudo
> > cryptsetup
> > status /dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000
> >
> > gives the output:
> >
> >
> > /dev/mapper//dev/mapper/udisks-luks-uuid-1976166a-f4d3-4709-82d4-2e8ad975bcf9-uid1000 is active:
> >   cipher:  aes-cbc-essiv:sha256
> >   keysize: 128 bits
> >   device:  /dev/sdb1
> >   offset:  1032 sectors
> >   size:    1953518970 sectors
> >   mode:    read/write
> >
> > I don't know how to get the details of the backup device when it won't
> > mount.
> >
> 
> I get largely identical output on a working backup drive that
> I've been using since before Ubuntu 10.04 and is still working under 12.04:
> # cryptsetup status /dev/mapper/backup-2570af82-8c38-42b3-82aa-e8c1e30f1f73
> /dev/mapper/backup-2570af82-8c38-42b3-82aa-e8c1e30f1f73 is active and is
> in use.
>   type:    LUKS1
>   cipher:  aes-cbc-essiv:sha256
>   keysize: 128 bits
>   device:  /dev/sdc1
>   offset:  1032 sectors
>   size:    1953518970 sectors
>   mode:    read/write
> 
> The error you're getting is the same error as if the passphrase was wrong.
> 
> One thing worth a stab assuming you can still mount it on the old eeePC
> would be to create a key file (something with ~4kb of random noise) on
> the old eeePC and add that as another key for the device:
> # cryptsetup luksAddKey <device> <key file>
> and then try the drive on the new eeePC with the key file:
> # cryptsetup luksOpen --key-file <key file> <device> <label>
> 
> IIRC you can have as many as 4 key files or passphrases. These are not
> used to encrypt the drive directly, but simply to encrypt the key that
> the drive is encrypted with - in other words adding and removing a key
> doesn't require reencrypting the whole drive, it's quite a fast operation.
> 
> Depending on your use case you may want to be very careful to ensure the
> key file can't open the drive once you have it working again - but in my
> case I'm only worried about stolen drives in transit so I use key files
> simply to save typing in passphrases each time I reboot the server.
> 
> 
> Cheers,
> Dave
> 
> 
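
Added example, not part of the original messages: a Python reader for the LUKS1 on-disk header, which reports the cipher, key size, payload offset and key-slot states from the first 592 bytes of a device even when the volume will not open. The header bytes are constructed to mirror the status output quoted above; the hash spec, iteration counts and UUID are placeholder assumptions.

```python
import struct

# LUKS1 on-disk header, big-endian: magic, version, cipher name, cipher mode,
# hash spec, payload offset (sectors), key bytes, master-key digest, digest
# salt, digest iterations, UUID; then eight 48-byte key-slot records.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # state, iterations, salt, key-material offset, stripes
MAGIC = b"LUKS\xba\xbe"
STATES = {0x00AC71F3: "active", 0x0000DEAD: "disabled"}
NUM_SLOTS = 8

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(blob):
    """Read cipher, key size, payload offset and key-slot states; no key needed."""
    need = PHDR.size + NUM_SLOTS * SLOT.size  # 208 + 8 * 48 = 592 bytes
    if len(blob) < need:
        raise ValueError("short read: need %d bytes" % need)
    (magic, version, name, mode, hash_spec, payload, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(blob, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(NUM_SLOTS):
        state, iters, _s, km_off, _stripes = SLOT.unpack_from(
            blob, PHDR.size + i * SLOT.size)
        slots.append({"slot": i, "state": STATES.get(state, "unknown"),
                      "iterations": iters, "key_material_offset": km_off})
    return {"cipher": "%s-%s" % (_text(name), _text(mode)),
            "hash": _text(hash_spec), "keysize_bits": key_bytes * 8,
            "payload_offset": payload, "uuid": _text(uuid), "slots": slots}

def sample_header():
    """Constructed header mirroring the status output quoted in the thread.
    Hash spec, iteration counts and UUID are placeholder assumptions."""
    head = PHDR.pack(MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 1032, 16,
                     bytes(20), bytes(32), 1000,
                     b"00000000-0000-0000-0000-000000000000")
    # Two slots in use (e.g. a passphrase plus an added key file), six free.
    return head + b"".join(
        SLOT.pack(0x00AC71F3 if i < 2 else 0x0000DEAD, 1000 if i < 2 else 0,
                  bytes(32), 8 + i * 128, 4000)
        for i in range(NUM_SLOTS))

if __name__ == "__main__":
    info = parse_luks1_header(sample_header())
    print(info["cipher"], info["keysize_bits"], "bits, offset", info["payload_offset"])
    print("slots in use:", [s["slot"] for s in info["slots"] if s["state"] == "active"])
```

On a real drive, feed it the first 592 bytes read from the LUKS partition; `cryptsetup luksDump <device>` reports the same fields.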


