Package: cryptsetup
Version: 2:1.0.6-7
Severity: normal
I noticed that it is impossible to remove a keyslot with the key of this slot.
The problem occurs both with a passphrase and with a key-file.
I guess it's not a feature, since it should be possible to delete all key-slots to make access to the data quite impossible. There is also a warning message while trying to do it, so I'm sure it should be possible (and in the case we have to delete the last keyslot, the only possibility is to use the same key).
Example:
r...@pierre:/tmp# ls -sh keyslot*
4.0K keyslot0.rand 4.0K keyslot1.rand
r...@pierre:/tmp# cryptsetup luksFormat -s256 /dev/mapper/pierre-testluks /tmp/keyslot0.rand
WARNING!
========
This will overwrite data on /dev/mapper/pierre-testluks irrevocably.
Are you sure? (Type uppercase yes): YES
Command successful.
r...@pierre:/tmp# cryptsetup luksAddKey --key-file /tmp/keyslot0.rand /dev/mapper/pierre-testluks /tmp/keyslot1.rand
key slot 0 unlocked.
Command successful.
r...@pierre:/tmp# cryptsetup luksDump /dev/mapper/pierre-testluks
LUKS header information for /dev/mapper/pierre-testluks
Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 2056
MK bits: 256
MK digest: 84 b0 9a 7e 56 98 ed c0 01 56 cd a8 ab 6a be 25 e6 22 e4 4b
MK salt: a5 4f 46 09 9e 1d 9e 3b 08 d9 5b 35 8b ea 99 41
fb ae 4c 17 f1 03 32 4a af b0 76 c5 06 ed e1 e5
MK iterations: 10
UUID: b6bf43f9-6de5-4290-945f-65faaa8a188d
Key Slot 0: ENABLED
Iterations: 128887
Salt: e3 70 ff b6 d2 94 c0 a7 89 aa 97 33 6a 20 b2 c7
32 9f 65 6d 95 78 48 6b f2 52 3e c0 f8 04 27 34
Key material offset: 8
AF stripes: 4000
Key Slot 1: ENABLED
Iterations: 236321
Salt: ba 18 91 42 b7 de 3f d0 db 96 0a 09 9e 9e 1c fb
06 e7 17 73 e6 8b e5 f7 9a c4 4d a7 3c e1 40 d4
Key material offset: 264
AF stripes: 4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
r...@pierre:/tmp# cryptsetup luksKillSlot --key-file /tmp/keyslot1.rand /dev/mapper/pierre-testluks 1
No remaining key available with this passphrase.
Command failed.
r...@pierre:/tmp# cryptsetup luksKillSlot --key-file /tmp/keyslot0.rand /dev/mapper/pierre-testluks 0
No remaining key available with this passphrase.
Command failed.
r...@pierre:/tmp# cryptsetup luksKillSlot --key-file /tmp/keyslot0.rand /dev/mapper/pierre-testluks 1
key slot 1 verified.
Command successful.
r...@pierre:/tmp# cryptsetup luksKillSlot --key-file /tmp/keyslot0.rand /dev/mapper/pierre-testluks 0
WARNING!
========
This is the last keyslot. Device will become unusable after purging this key.
Are you sure? (Type uppercase yes): YES
No remaining key available with this passphrase.
Command failed.
r...@pierre:/tmp#
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-6-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.27-4 The Linux Kernel Device Mapper use
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libdevmapper1.02.1 2:1.02.27-4 The Linux Kernel Device Mapper use
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libuuid1 1.41.3-1 universally unique id library
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii dosfstools 3.0.1-1 utilities for making and checking
ii initramfs-tools [linux-initra 0.92o tools for generating an initramfs
ii udev 0.125-7 /dev/ and hotplug management daemo
-- no debconf information