Arch Linux

loserMcloser

Member

From: Canada

Registered: 2004-12-15

Posts: 130

cryptsetup upgrade problems

The webpage for the new cryptsetup package doesn't seem to have a relevant FAQ, so I though I'd ask here -- how do I use the new cryptsetup with existing encrypted loop files?

For cryptsetup-0.2pre1-1 and earlier, I would do something like (with an encrypted key file):

> losetup /dev/loop0 /path/to/loop/file
> cat /path/to/key.file | openssl aes-256-ecb -d | cryptsetup create encryptedVolume /dev/loop0
> mount /dev/mapper/encryptedVolume /mnt/encrypted

But after upgrading to cryptsetup-1.0.1-1, the mount command tells me "you must specify the filesystem type". And then throwing in a

> mount -t ext2 /dev/mapper/encryptedVolume /mnt/encrypted

tells me that either it's not an ext2 filesystem or that the superblock is corrupt!!

Then I started freaking out, but a downgrade to cryptsetup-0.2pre1-1 allowed me to access my data again.

This cryptsetup-luks stuff seems like it is only for encrypting partitions, can't seem to find anything about loop devices in there... ?

apeiro

Daddy

From: Victoria, BC, Canada

Registered: 2002-08-12

Posts: 771

Website

Re: cryptsetup upgrade problems

Odd.  In my tests, the new cryptsetup was perfectly compatible with devices encrypted with 0.1 or 0.2pre1.

cryptsetup (old or new) itself doesn't care if it's loopback device or not, it just wants any ol' block device.

If I were to guess, I'd say there's some problem with the keyfile going in.  Is your keyfile a hash, or the plain-text password?  If it's plaintext, you could try using the hashalot program to generate a new key file that can be used with cryptsetup's -d switch.

# cat /path/to/old/key.file | hashalot -n 32 ripemd160 >new.key
# losetup /dev/loop/0 secret.file
# cryptsetup -d new.key create topsecret /dev/loop/0

I've never used openssl to hash them before, but hashalot's ripemd160 hashes seem to work fine with cryptsetup.