Re: about invalid key slots
- Subject: Re: about invalid key slots
- From: ".. ink .." <mhogomchungu@xxxxxxxxx>
- Date: Mon, 2 Apr 2012 08:14:16 -0400
- In-reply-to: <4F7980D1.firstname.lastname@example.org>
- References: <CAFnMBaSPn6p_jLcgJOQ_D=STpJrwRap6qorCcenH7ez+bGmPiQ@mail.gmail.com> <CAFnMBaR24NYrMLh2M+jskXfUSAJSsmwh3CvA=aR_Tkpkd6Swemail@example.com> <4F79665F.firstname.lastname@example.org> <CAFnMBaS63WvxydnvMmhfXBjLKh4KkxYGg_CABHM3ypP6_63Zog@mail.gmail.com> <4F7980D1.email@example.com>
- Sender: dm-crypt-bounces@xxxxxxxx
ok,i guess this solves my confusion.The same term is used for two different things. crypt_load() will fail when the header is corrupt and my code will just return "its not luks device",i can live with this or come up with something within the API. Will not even attempt to go over or under the API.
Please do not try to parse physical header structure outside of cryptsetup,
header can change in future (new version) etc. libcryptsetup should
be wrapper over these internals.
was not going to. I was puzzled by the "CRYPT_SLOT_INVALID" entry in the "crypt_keyslot_info" structure when i looked at the API couple of months ago but i never asked about it. All these posts about invalid key slots just made me relooked the puzzle and ask about it.
CRYPT_SLOT_INVALID is returned if e.g. slot # is above limit, not
if header is corrupted.
An invalid key slot due to a corrupted header is a serious problem and everybody seem to be reporting on this. How serious is the "CRYPT_SLOT_INVALID" status on a key slot as reported by crypt_keyslot_status()?
Since my code goes further enoght to see this one( crypt_load() pass ) and can open volumes if key is on another slot,it seem useful to inform my users of this status but not confuse them with the more serious one.
This is the output i made the tool generate when it encounters "CRYPT_SLOT_INVALID"
[ink@mtz ~]$ zuluCrypt-cli -O -d cvol -p xxx
SUCCESS: Volume opened successfully
WARNING: the volume has atleast one corrupted key slot
does "corrupt" differ enough from "invalid"? any suggestion on the term to use to describe "CRYPT_SLOT_INVALID" status?
dm-crypt mailing list