[clug] Can't mount an encrupted backup file system

jhock jhock at iinet.net.au
Mon Jun 11 20:05:27 MDT 2012 


On Mon, 2012-06-11 at 15:41 +1000, Brett Worth wrote:
> On 11/06/12 13:17, jhock wrote:
> > Hi Brett,
> >
> > Thanks for your reply. Please see results and comments in line below:
> >
> > I then thought that I needed to add a luks key so I did:
> >
> > # cryptsetup luksAddKey /dev/sdd FRED
> > # cryptsetup luksOpen /dev/sdd FRED
> >
> > and still got:
> >
> > # cryptsetup status FRED
> > /dev/mapper/FRED is inactive.
> 
> If you do a "cryptsetup luksDump /dev/sdc" it will show you what the encrypted device was 
> luksFormat'd with.
> 

This command on the old eeePC for the 1Tb backup disk gives:

# cryptsetup luksDump /dev/sdc1
LUKS header information for /dev/sdc1

Version:       	1
Cipher name:   	aes
Cipher mode:   	cbc-essiv:sha256
Hash spec:     	sha1
Payload offset:	1032
MK bits:       	128
MK digest:     	8b d3 ed 6a 71 d3 1c c7 7b b4 4c 88 7b bd 35 3d 10 82 47
f6 
MK salt:       	84 a5 c5 68 97 5d 51 6e 2d 85 6b d4 6b d7 eb 52 
               	b1 21 37 4b 98 3b 45 61 92 11 5c 19 fd 1f 00 13 
MK iterations: 	10
UUID:          	1976166a-f4d3-4709-82d4-2e8ad975bcf9

Key Slot 0: ENABLED
	Iterations:         	22266
	Salt:               	98 72 3e f8 7d 3e f5 d5 ed 42 66 2f 3f d6 ee b9 
	                      	8c 64 16 8e 8a 45 33 b8 85 99 df d7 fc 0f 81 b0 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

> You can then do a "grep ^name /proc/crypto" and see what crypto algorithms are available.
> 

Here are the results of that command:

# grep ^name /proc/crypto
name         : ecb(aes)
name         : sha256
name         : sha224
name         : cbc(aes)
name         : cbc(aes)
name         : aes
name         : aes
name         : stdrng
name         : md5

> You seem to have a mismatch.
> 

I agree. If I do the cryptsetup luksDump on the 1Gb memory stick the
Cipher mode and hash spec are different. Are there some parameters I can
pass into the cryptsetup command? Here is the output for the 1Gb memory
stick:

# cryptsetup luksDump /dev/sdd1
LUKS header information for /dev/sdd1

Version:       1
Cipher name:   aes
Cipher mode:   cbc-plain
Hash spec:     sha256
Payload offset: 2056
MK bits:       256
MK digest:     55 21 89 8b ae 78 79 c8 52 d8 15 a2 58 0c 25 26 d8 11 46
5c 
MK salt:       45 8f 47 d0 36 aa c5 e5 dc 5c dd 79 cf 92 43 b0 
               56 d4 a2 9b 1a 8c 67 2e f3 00 1d 1f a6 c5 e3 a9 
MK iterations: 10
UUID:          b660e0d9-794a-4493-ba64-84c4de9269b6

Key Slot 0: DISABLED
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

> The messages about access to /dev/bus/usb... is a puzzle.
> 
> Just to back up a bit...
> 
> Did you originally say you had an encrypted external hard disk you were trying to mount on 
> your new machine but can't?  

Yes. That is right.

>
> All this playing with thumb drives is just so you don't break 
> the data on this disk while sorting out the problem?

Yes exactly. I don't want to lose the information on the encrypted 1Tb
backup but I'm willing to lose test data on a 1Gb memory stick to test
how things work. If I can work out how to see the 1Gb memory stick on
both the old eeePC and the new eePC then maybe I can recover
my /home, /var, /opt and /etc directories from the 1TB backup disk using
the "Simple bakup restore" GUI.

> I you could get a luksDump of the external disk that might help.
> 

Please see above for the luksDump of the 1Tb backup disk that won't
mount on the new eeePC and the 1Gb memory stick that won't mount on
either after running the cryptsetup luksFormat command.


Thanks.

John

> Brett

More information about the linux mailing list