cryptsetup - can't decrypt partition [SOLVED]

rsgnd · 2008-06-18 14:49:15

Hello there.

I can't find a solution for my problem and i've been searching the wiki and forum without success.
Therefore i'll post it here and hope, somebody can help me.

Problem:

After installing Archlinux I'm not able to decrypt my luks-encrypted harddisk anymore.
I used CRUX before and encrypted one of my harddisks with luks.
As far as i can tell, i've loaded all the neccessary modules (dm-crypt, aes-i586, sha256). I've even loaded other crypto-modules trying to solve the problem.

If i invoke:

cryptsetup luksOpen /dev/sdb1 sdb1

The Passphrase-Prompt comes up. After typing the correct* passphrase, the prompt comes up again, just like after entering a wrong passphrase.
[*I tested this of course. The keymap is correct. The Phrase is correct.]
When booting from the Arch-Install-CD and invoking cryptsetup, everything works fine. Same under other Live-Systems, e.g. KNOPPIX.

There must be a solution to this. I can't figure out, what i am missing.
I'd like to use Archlinux very much, but if i'm not able to decrypt my encrypted harddisk i have to go back to CRUX.
If somebody has any idea, suggestion or similar experience, please let me know.

(hopefully my english isn't too bad)

Thanks in advance

Last edited by rsgnd (2008-06-19 14:07:52)

arch0r · 2008-06-18 18:20:06

same problem here, if i try to mount /dev/sdb1. try /dev/sdb

rsgnd · 2008-06-18 18:27:28

Opening /dev/sdb with cryptsetup wouldn't make any sense. The encrypted Partition is sdb1 and

cryptsetup luksOpen /dev/sdb

couldn't work.

solstice · 2008-06-18 19:40:48

(1) you can put your pass-phrase in a text file without an eol. and use it with cryptsetup
crypsetup --key-file yourfilewithpassphrase luksOpen /dev/sdb1 sdb1

it will allow to check the pass-phrase.

(2) are you sure about the partition ? is it the correct one ? the correct hdd ?
can you run
cryptsetup isLuks /dev/sdb1
or
cryptsetup luksDump /dev/sdb1
and what does it say ? is it ok ?

why don't you use /etc/crypttab to automatically mount that partition. that's what i do . i put my pass-phrase in a file (not really secure but i don't care).

rsgnd · 2008-06-18 22:59:29

yay! I finally got it working. (partly)

@solstice:

(2) yes, i'm sure about the partition. as i wrote in my first post, it is definitely the correct one and worked fine under CRUX and also under Arch-Install-CD or KNOPPIX.

cryptsetup isLuks - doesn't give any output

cryptsetup luksDump - works fine -->

LUKS header information for /dev/sdb1

Version:           1
Cipher name:       aes
Cipher mode:       cbc-essiv:sha256
Hash spec:         sha1
Payload offset:    1032
MK bits:           128
MK digest:         xx xx 
MK salt:           xx xx
MK iterations:     10
UUID:              xx xx

Key Slot 0: ENABLED

I tried using the Encrypt-HOOK and crypttab, but had the same problem (logically).
I just want it to work manually, as i mount the relevant harddisks just sporadically.
Just a question: Why do you use encryption and store the passphrase in a file? As you said, it isn't really secure, if somebody gains access to your machine. And that is the point, isn't it?
Thanks for your help and suggestions, solstice! Even though it wasn't the key to my problem, it got me testing some more and eventually made me stumble upon something.

So, this is what i found out meanwhile:

I am using a german (de) keymap, but english locales. I assumed from the beginning, that the problem must have something to do with the character-input at the passphrase-prompt.
On the console, i can type the passphrase with the de-keymap and an en_US-locale and all the characters i need appear correct. Nevertheless, if i typed the phrase at the luks-prompt, it wouldn't get recognized.
I changed LC_ALL to an de_DE setting and after a reboot the decryption worked fine. Changing the locale without rebooting doesn't work; after a 'locale'-command, the variables are correct, of course, but apparently the passphrase-prompt works some other way.
So with a de_De-locale in rc.conf enabled, cryptsetup works fine! Now the only problem is to get it to work with the en_US-locale, as i prefer my locales in english.
Regardless, i'm happy getting closer to the solution. This means, i'll stay with Archlinux, as i hoped to do.
If someone has any idea, why this problem occurs, and how i can solve it to work with an en-locale, please let me know.

Thanks a lot
rsgnd

solstice · 2008-06-19 09:26:53

you can change the locale temporaly on the command line
just use
LANG=de_DE cryptsetup luksOpen /dev/sdb1 sdb1

and it will be fine
or use LC_ALL

rsgnd · 2008-06-19 14:07:32

Okay, after some more testing i figured out, that the problem only appears with an UTF-8-Locale.
So, using the en_US.iso8859-1 locale works fine, as well as the de_DE.iso8859-1 locale.
Don't know exactly why, but it has to have something to do with the characters of the passphrase.

However, i'm glad i got it working and can now enjoy my Arch-Experience.

Thanks again for sharing your thoughts.
rsgnd

Arch Linux

#1 2008-06-18 14:49:15

cryptsetup - can't decrypt partition [SOLVED]

#2 2008-06-18 18:20:06

Re: cryptsetup - can't decrypt partition [SOLVED]

#3 2008-06-18 18:27:28

Re: cryptsetup - can't decrypt partition [SOLVED]

#4 2008-06-18 19:40:48

Re: cryptsetup - can't decrypt partition [SOLVED]

#5 2008-06-18 22:59:29

Re: cryptsetup - can't decrypt partition [SOLVED]

#6 2008-06-19 09:26:53

Re: cryptsetup - can't decrypt partition [SOLVED]

#7 2008-06-19 14:07:32

Re: cryptsetup - can't decrypt partition [SOLVED]

Board footer