
cryptsetup and how to create luks partition?



Hi,

recently live-helpers was corrected for cryptsetup calls for persistency
on luks.

http://git.debian.net/?p=debian-live/live-initramfs.git;a=commit;h=d6df808045a033b717c2a9a903ed4f9cbb7c67a4

I was trying to use this feature but I was getting the following error:

/lib/cryptsetup/askpass Enter passphrase for live-rw on /dev/mapper/hda1:
/sbin/cryptsetup -T 1 luksOpen /dev/mapper/hda1 hda1 --key-file=-
Error: incorrect number of arguments
Usage: /lib/cryptsetup/askpass PROMPT

A -> | <- is missing between askpass and cryptsetup commands:

/lib/cryptsetup/askpass "Enter passphrase for ${pers_label} on ${devname}: " | /sbin/cryptsetup -T 1 luksOpen ${devname} $(basename ${devname}) --key-file=-

Tested and confirmed. Now the passphrase is asked. But I still can't get
to open the luks partition.

How I created the luks partition:

mkfs.ext2 -L home-rw /dev/hda1
cryptsetup luksFormat /dev/hda1
cryptsetup luksOpen /dev/hda1 home-rw
mkfs.ext2 -L home-rw /dev/mapper/home-rw
cryptsetup luksClose /dev/mapper/home-rw

Is this the correct way? How should I create it? I tried to use
'cryptsetup create' but the partition wasn't found.

The partition is labeled home-rw but I'm asked for a passphrase for
live-rw, home-rw, live-sn and home-sn and every time it fails with:

Enter passphrase for live-rw on /dev/hda1:
There was an error decrypting /dev/mapper/hda1 ... Retry? [Y/n]
Command failed: No key available with this passphrase.

n
Enter passphrase for home-rw on /dev/hda1:
There was an error decrypting /dev/mapper/hda1 ... Retry? [Y/n]
Command failed: No key available with this passphrase.

n
...

But after booting I can open the luks partition with the command that
live-helpers should be running:

# /lib/cryptsetup/askpass "Prompt " | /sbin/cryptsetup -T 1 luksOpen /dev/hda1 hda1 --key-file=-
Prompt
[  412.387784] padlock: VIA PadLock not detected.
[  412.461262] padlock: VIA PadLock Hash Engine not detected.
key slot 0 unlocked.
Command successful.
# mount /dev/mapper/hda1 /home
#

Attached is the debug mode live.log with persistent boot option using that
partition.

(note: in debug mode the user can't see anything. I've typed the
passphrase and then 'n' to not retry in the four times it asks for the
passphrase)

TIA

Rui M. P. Bernardo

Attachment: live.encrypted.log.tar.gz
Description: GNU Zip compressed data
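
The missing-pipe failure described in the message above, reproduced as an added example that is not part of the original post or of live-initramfs. `fake_askpass` and `fake_luks_open` are hypothetical stand-ins for `/lib/cryptsetup/askpass` and `cryptsetup luksOpen ... --key-file=-` so it runs without root or a real device, and the passphrase is a constructed sample value.

```shell
#!/bin/sh
# Stand-ins (assumptions) so the example runs without root or cryptsetup.
CONSTRUCTED_PASSPHRASE="correct horse"   # constructed sample value
devname=/dev/hda1
pers_label=home-rw

# Mimics the usage check seen in the error on this page: exactly one PROMPT
# argument is accepted; the passphrase is written to stdout.
fake_askpass() {
    if [ "$#" -ne 1 ]; then
        echo "Error: incorrect number of arguments" >&2
        echo "Usage: /lib/cryptsetup/askpass PROMPT" >&2
        return 1
    fi
    printf '%s\n' "$1" >&2                 # prompt goes to the terminal, not the pipe
    printf '%s' "$CONSTRUCTED_PASSPHRASE"  # only the passphrase enters the pipe
}

# Mimics "luksOpen DEV NAME --key-file=-": the key is whatever arrives on stdin.
fake_luks_open() {
    key=$(cat)
    if [ "$key" = "$CONSTRUCTED_PASSPHRASE" ]; then
        echo "key slot 0 unlocked."
    else
        echo "Command failed: No key available with this passphrase."
        return 1
    fi
}

# Without the pipe, the cryptsetup words become extra askpass arguments,
# so askpass rejects the call and cryptsetup never runs.
open_without_pipe() {
    fake_askpass "Enter passphrase for ${pers_label} on ${devname}: " \
        fake_luks_open "${devname}" "$(basename "${devname}")" --key-file=- 2>&1
}

# With the pipe, askpass stdout feeds the stdin that --key-file=- reads.
open_with_pipe() {
    fake_askpass "Enter passphrase for ${pers_label} on ${devname}: " 2>/dev/null \
        | fake_luks_open "${devname}" "$(basename "${devname}")" --key-file=-
}

open_without_pipe || true   # prints the "incorrect number of arguments" error
open_with_pipe              # prints "key slot 0 unlocked."
```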

