You are not logged in.
Pages: 1
Hi everybody,
I'm currently trying to encrypt the first partition of my external hard drive (western digital) like this
$> sudo cryptsetup --verbose -c aes-cbc-essiv:sha256 -y -s 512 luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command failed: Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sdb1 contains at least 508 sectors
dmesg reports:
device-mapper: table: 254:2: crypt: Error setting key
device-mapper: ioctl: error adding target to table
device-mapper: ioctl: device doesn't appear to be in the dev hash table.
the partition table looks like that:
$> fdisk /dev/sdb
/dev/sdb1 1 26109 209720511 83 Linux
/dev/sdb2 26110 38913 102848130 c W95 FAT32 (LBA)
Maybe it's too easy and i can't see the solution, maybe the hard disk has a bug, maybe cryptsetup.. I don't know. Thanks in advance for any guess!
Cheers, cobolt
Offline
Have you loaded the modules (dm-crypt and aes-i586) for the Luks?
Read the wiki: http://wiki.archlinux.org/index.php/LUKS
Offline
Yes, I did.
My laptop drive is encrypted, so these modules should be loaded on startup anyway.
$> lsmod
[...]
sha256_generic 11348 0
aes_i586 7444 4
aes_generic 26900 1 aes_i586
cbc 3124 2
dm_crypt 12504 1
dm_mod 53640 5 dm_crypt
Offline
Does anybody have an idea? I'm still having no solution for this problem.
Is there maybe another way to encrypt the hdd without cryptsetup?
I'm happy with any advice.
Offline
Change the keysize to 256 and it will work.
/proc/crypto:
name : cbc(aes)
driver : cbc(aes-asm)
module : cbc
priority : 200
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
I guess those are in bytes, so max keysize for cbc is 256-bit? I use a 512-bit key with xts.
Last edited by fphillips (2009-05-08 00:25:00)
Offline
Thanks! That solved the problem, xts with 512-bit works fine.
Just one question: How did you find out? I mean, what does max keysize : 32 really say?
Offline
There are 8 bits per byte. If the max keysize is 32 bytes, then (32 * 8) = 256 bits. So cbc only handles up to a 256-bit key.
Offline
Pages: 1