Google
  Web www.spinics.net

loop-AES mount problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi Peter Wang,

Normally I would include your email address as recipient, but this time I
can't. For some reason linux-crypto@xxxxxxxxxxxx sends me only some subset
of the mails posted to the list. Your post was one of those that wasn't
delivered, but I saw it listed on one of the archives. Archives don't
include real email addresses, so I can't include your email address as a
recipient.

One possible reason why a mount could fail like that is that the gpg
encrypted key file wasn't created properly, or more specifically, it was
created for version of loop-AES that you were NOT running at the time the
file system was created. loop-AES README section 7 attempts to explain this
problem.

You can try to force the on-disk version to v2 like this:

 gpg --decrypt </root/datakey.gpg | head -n 64 | ( sleep 60 ; gpg --symmetric -a >/root/datakey-v2.gpg )
 mount -t ext3 /dev/sda8 /mnt/crypt -o loop=/dev/loop1,encryption=AES256,gpgkey=/root/datakey-v2.gpg 

Or, you can try to force the on-disk version to v1 like this:

 gpg --decrypt </root/datakey.gpg | head -n 1 | ( sleep 60 ; gpg --symmetric -a >/root/datakey-v1.gpg )
 mount -t ext3 /dev/sda8 /mnt/crypt -o loop=/dev/loop1,encryption=AES256,gpgkey=/root/datakey-v1.gpg 

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Home]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]     [Network Security Reading]

Add to Google