mount.crypt: mount.crypt does not send keyfile option to cryptsetup

G. D. Pallas Tue, 12 May 2009 05:59:53 -0700

Package: libpam-mount
Version: 1.10-1
Severity: important
File: /sbin/mount.crypt




/dev/sdb1 contains a LUKS volume with only one key-slot: 0, which comes from a 
keyfile.
Cryptsetup opens it without problem:

aris:/home/encmp/gpall# cryptsetup --key-file /home/encmp/gpall/proj/keyfile 
luksOpen /dev/sdb1 testluks
sh: /sbin/udevsettle: No such file or directory
key slot 1 unlocked.
sh: /sbin/udevsettle: No such file or directory
Command successful.
aris:/home/encmp/gpall# ls -la /dev/mapper/
total 0
drwxr-xr-x  2 root root     100 2009-05-12 15:16 .
drwxr-xr-x 15 root root    3900 2009-05-12 15:16 ..
crw-rw----  1 root root  10, 60 2009-05-12 09:00 control
brw-rw----  1 root disk 254,  0 2009-05-12 09:01 _dev_sdb3
brw-rw----  1 root disk 254,  1 2009-05-12 15:16 testluks
aris:/home/encmp/gpall#                       


Now, I am trying to use mount.crypt in order to mount it (I luksClosed testluks 
of course after the previous test). 

The problem is I can't get mount.crypt to pass the keyfile option to cryptsetup:

# mount.crypt -v -o keyfile=/home/encmp/gpall/proj/keyfile /dev/sdb1 
/media/dataspace
command: [readlink] [-fn] [/dev/sdb1]
command: [readlink] [-fn] [/media/dataspace]
mount.crypt: No openssl cipher specified (use -o fsk_cipher=xxx)

OK, I give the cipher (and the hash), although I can't understand why doesn't 
it autodetect like cryptsetup does:

aris:/tmp/test# mount.crypt -v -o 
fsk_cipher=aes-256-cbc,fsk_hash=ripemd160,keyfile=/home/encmp/gpall/proj/keyfile
 /dev/sdb1 /media/dataspace
command: [readlink] [-fn] [/dev/sdb1]
command: [readlink] [-fn] [/media/dataspace]
Password:
mount.crypt(loop.c:266): Using _dev_sdb1 as dmdevice name
command: [cryptsetup] [luksOpen] [/dev/sdb1] [_dev_sdb1]
sh: /sbin/udevsettle: No such file or directory
Command failed: No key available with this passphrase.

mount.crypt(loop.c:198): cryptsetup exited with non-zero status 255


I also tried with various combinations of cipher and hash (eg. sha1 for hash, 
and aes256 for cipher) all with the same output.
Why does it even ask for a password since I give a keyfile?

I tend to think that there is a bug, and it is not my fault. In the latter 
case, I am very sorry for the report...

Extra info: My /etc/crypttab is empty.

Here is the LUKS dump, in case you need it:

aris:/home/encmp/gpall# cryptsetup luksDump /dev/sdb1
LUKS header information for /dev/sdb1

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      eb a6 c9 27 13 5f 0d 72 7f 1a fe 13 cc 25 5a b4 ba 7c 5e 9f
MK salt:        f0 6c 68 68 bd 2f 6a 33 7a 7b 98 fe 32 32 81 c3
                64 7d a4 47 8d 90 7a d8 5a d4 85 0a fc b3 8c 5c
MK iterations:  10
UUID:           985fcf5e-0a87-4f39-a20f-84c2d2be6cd0

Key Slot 0: DISABLED
Key Slot 1: ENABLED
        Iterations:             139573
        Salt:                   29 1c 1d 95 a8 e0 15 6e f9 34 f1 f3 b5 1a d6 66
                                7f 26 ff b5 48 82 fe 15 d3 2e c4 ed fc 89 4e f1
        Key material offset:    264
        AF stripes:             4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED






-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-mount depends on:
ii  libc6                       2.9-4        GNU C Library: Shared libraries
ii  libhx18                     2.5-1        A library providing queue, tree, I
ii  libpam0g                    1.0.1-9      Pluggable Authentication Modules l
ii  libssl0.9.8                 0.9.8g-16    SSL shared libraries
ii  libxml2                     2.7.3.dfsg-1 GNOME XML library
ii  mount                       2.13.1.1-1   Tools for mounting and manipulatin

libpam-mount recommends no packages.

Versions of packages libpam-mount suggests:
ii  cryptsetup                 2:1.0.6-7     configures encrypted block devices
pn  davfs2                     <none>        (no description available)
ii  fuse-utils                 2.7.4-1.1     Filesystem in USErspace (utilities
ii  lsof                       4.81.dfsg.1-1 List open files
pn  ncpfs                      <none>        (no description available)
ii  openssl                    0.9.8g-16     Secure Socket Layer (SSL) binary a
ii  psmisc                     22.6-1        Utilities that use the proc filesy
ii  smbfs                      2:3.3.3-1     Samba file system utilities
pn  truecrypt | truecrypt-util <none>        (no description available)
pn  xfsprogs                   <none>        (no description available)

-- debconf information:
* libpam-mount/convert-xml-config: true



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Bug#528366: /sbin/mount.crypt: mount.crypt does not send keyfile option to cryptsetup

Reply via email to