You are not logged in.

#1 2021-09-29 16:21:53

Registered: 2021-09-29
Posts: 1

cryptsetup: "No key available with this passphrase." on two devices


Yesterday I updated both my personal and my work laptop with "pacman -Suy" as I do on a regular basis. Both devices have an encrypted root partition using cryptsetup / LUKS. This morning, I encountered the same problem on both devices: the password I entered during boot was not accepted. After three tries it gives the output

[FAILED] Failed to start Cryptography Setup for <mapped name>

To inspect the issue I booted using a live USB and tried to open the partition using cryptsetup. The result was similar: my password was not accepted and after three tries it gave the error

No key available with this passphrase.

Searching for this issues, I found several possible causes:

- Corruption of the LUKS header
- Wrong passphrase due to wrong keymaps
- Hardware failure

As I understand, corruption of the LUKS header is difficult to verify. At the very least, "cryptsetup isLuks --verbose <device>" returns "Command successful." and "cryptsetup luksDump <device>" gives sensible looking output" (but I'm no Luks expert). Other than that, it seems unlikely that the LUKS header on two different devices are suddenly corrupted due to a routine upgrade.

To verify that there is not a problem with the passphrase, I tried the following commands:

echo -n '<passphrase>' | cryptsetup open <device> <mapped name>
echo -n '<passphrase>' | cryptsetup open --key-file=- <device> <mapped name>
echo -n '<passphrase>' > passphrase.txt; cryptsetup open --key-file=passphrase.txt <device> <mapped name>

Since it affects two devices at the same time, hardware failure also seems unlikely. My personal laptop is an old Lenovo Thinkpad with an HDD that has been in use for several years without a reinstall. The other is a new Dell XPS with an NVME which had a fresh install less than two months ago.

I'm stuck as to what might be the cause of this, and I would rather fix it than perform a fresh install and wiping the disks. Unfortunately, I haven't backed up the LUKS headers.

Hopefully someone can give me advice on how I should proceed, and if there is anything else I can try.

Thanks you in advance!


Board footer

Powered by FluxBB