cryptsetup on wd external hard drive

cobolt · 2009-04-18 05:41:08

Hi everybody,

I'm currently trying to encrypt the first partition of my external hard drive (western digital) like this

$> sudo cryptsetup --verbose -c aes-cbc-essiv:sha256 -y -s 512 luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 
Command failed: Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sdb1 contains at least 508 sectors

dmesg reports:

device-mapper: table: 254:2: crypt: Error setting key
device-mapper: ioctl: error adding target to table
device-mapper: ioctl: device doesn't appear to be in the dev hash table.

the partition table looks like that:

$> fdisk /dev/sdb
/dev/sdb1               1       26109   209720511   83  Linux
/dev/sdb2           26110       38913   102848130    c  W95 FAT32 (LBA)

Maybe it's too easy and i can't see the solution, maybe the hard disk has a bug, maybe cryptsetup.. I don't know. Thanks in advance for any guess!

Cheers, cobolt

cwjiof · 2009-04-18 08:20:01

Have you loaded the modules (dm-crypt and aes-i586) for the Luks?

Read the wiki: http://wiki.archlinux.org/index.php/LUKS

cobolt · 2009-04-18 08:52:28

Yes, I did.
My laptop drive is encrypted, so these modules should be loaded on startup anyway.

$> lsmod
[...]
sha256_generic         11348  0 
aes_i586                7444  4 
aes_generic            26900  1 aes_i586
cbc                     3124  2 
dm_crypt               12504  1 
dm_mod                 53640  5 dm_crypt

cobolt · 2009-05-07 13:37:15

Does anybody have an idea? I'm still having no solution for this problem.
Is there maybe another way to encrypt the hdd without cryptsetup?

I'm happy with any advice.

fphillips · 2009-05-08 00:09:01

Change the keysize to 256 and it will work.

/proc/crypto:

name         : cbc(aes)
driver       : cbc(aes-asm)
module       : cbc
priority     : 200
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

I guess those are in bytes, so max keysize for cbc is 256-bit? I use a 512-bit key with xts.

Last edited by fphillips (2009-05-08 00:25:00)

cobolt · 2009-05-13 12:47:02

Thanks! That solved the problem, xts with 512-bit works fine.
Just one question: How did you find out? I mean, what does max keysize : 32 really say?

fphillips · 2009-05-13 19:16:27

There are 8 bits per byte. If the max keysize is 32 bytes, then (32 * 8) = 256 bits. So cbc only handles up to a 256-bit key.

Arch Linux

#1 2009-04-18 05:41:08

cryptsetup on wd external hard drive

#2 2009-04-18 08:20:01

Re: cryptsetup on wd external hard drive

#3 2009-04-18 08:52:28

Re: cryptsetup on wd external hard drive

#4 2009-05-07 13:37:15

Re: cryptsetup on wd external hard drive

#5 2009-05-08 00:09:01

Re: cryptsetup on wd external hard drive

#6 2009-05-13 12:47:02

Re: cryptsetup on wd external hard drive

#7 2009-05-13 19:16:27

Re: cryptsetup on wd external hard drive

Board footer