** Also affects: gnome-disk-utility (Arch Linux) Importance: Undecided Status: New
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-disk-utility in Ubuntu. https://bugs.launchpad.net/bugs/1790979 Title: Unable to change disk decryption passphrase Status in gnome-disk-utility package in Ubuntu: Confirmed Status in gnome-disk-utility package in Arch Linux: New Bug description: Versions: Ubuntu 18.04 LTS gnome-disk-utility 3.28.3-0ubuntu1~18.04.1 ------------------------------------------ What I'm trying to do: Change the disk decryption passphrase of key in any slot other than slot 0 while there is an existing key in slot 0 (e.g. changing the disk decryption passphrase of slot 1) using gnome-disk-utility. Ran "Disks" > Selected my encrypted device partition > Clicked the gear icon > Selected "Change passphrase" > Entered the passphrase I wanted to change > Entered the passphrase I wanted to change to and confirmed it > clicked "Change". ------------------------------------------ What I expected to happen: After clicking "Change" I expected to get no errors and have the passphrase I wanted to change to be valid to decrypt the disk. In the event of an error I expected the passphrase I was trying to change to still be valid to decrypt the disk. ------------------------------------------ What is happening: I get an error message pop-up: Error changing passphrase Error changing passphrase on device /dev/sda2/:Failed to add the new passphrase: Invalid argument (udisks-error-quark, 0) And the key that I was trying to change gets deleted with no new key being added. ------------------------------------------ (Before trying to change passphrase in key slot 2 using gnome-disk- utility) sudo cryptsetup luksDump /dev/sda2 LUKS header information for /dev/sda2 Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 4096 MK bits: 256 MK digest: 0f 5d 66 ec 16 0b 0c f2 4b 0a 9f 99 28 41 59 64 e9 9d 75 64 MK salt: 89 e5 16 e5 e0 5d f5 63 f6 ba 2b f1 df e8 e6 1d 11 52 27 39 ff 87 4c 70 ab b7 49 a2 97 e0 46 41 MK iterations: 101875 UUID: c5754fe4-0835-431f-996b-e2202c380d05 Key Slot 0: ENABLED Iterations: 426666 Salt: cb 25 fd 7d 14 ca af f1 6a 57 b9 b7 b8 7a 45 76 9e 9b 3f ef 6a 3a e7 f6 18 24 7a 6e bb 0d 36 78 Key material offset: 8 AF stripes: 4000 Key Slot 1: ENABLED Iterations: 2074334 Salt: c2 cc 91 12 25 f4 80 21 d2 fa 91 44 ef 02 04 3e 6d d8 85 ef b2 39 fb c2 94 f1 62 ee db 79 3c ed Key material offset: 264 AF stripes: 4000 Key Slot 2: ENABLED Iterations: 2090878 Salt: 47 fa 77 b7 f8 31 dc 48 ab 58 f7 25 a4 d5 c7 be 35 a3 83 6a 4d 1d bb 24 1c 38 12 2d f1 15 40 7f Key material offset: 520 AF stripes: 4000 Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED ------------------------------------------ (After trying to change passphrase in key slot 2 using gnome-disk- utility) sudo cryptsetup luksDump /dev/sda2 LUKS header information for /dev/sda2 Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 4096 MK bits: 256 MK digest: 0f 5d 66 ec 16 0b 0c f2 4b 0a 9f 99 28 41 59 64 e9 9d 75 64 MK salt: 89 e5 16 e5 e0 5d f5 63 f6 ba 2b f1 df e8 e6 1d 11 52 27 39 ff 87 4c 70 ab b7 49 a2 97 e0 46 41 MK iterations: 101875 UUID: c5754fe4-0835-431f-996b-e2202c380d05 Key Slot 0: ENABLED Iterations: 426666 Salt: cb 25 fd 7d 14 ca af f1 6a 57 b9 b7 b8 7a 45 76 9e 9b 3f ef 6a 3a e7 f6 18 24 7a 6e bb 0d 36 78 Key material offset: 8 AF stripes: 4000 Key Slot 1: ENABLED Iterations: 2074334 Salt: c2 cc 91 12 25 f4 80 21 d2 fa 91 44 ef 02 04 3e 6d d8 85 ef b2 39 fb c2 94 f1 62 ee db 79 3c ed Key material offset: 264 AF stripes: 4000 Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED ------------------------------------------ Troubleshooting: I have found that: * Changing the passphrase of the key in slot 0 while there are existing keys in any other slot works as expected (the passphrase is changed and no errors occur) * Changing the passphrase of a key in any slot other than slot 0 while there is no existing key in slot 0 works as expected (the passphrase is changed and no errors occur) ------------------------------------------ Replication: To rule out this bug being caused by the way we build computers with 18.04 internally, I have installed Ubuntu 18.04 LTS on different hardware > set the disk to encrypted > added a key into slot 1 using: sudo cryptsetup luksAddKey /dev/sda5 > attempted to change said key by running "Disks" > Selected my encrypted device partition > Clicked the gear icon > Selected "Change passphrase" > Entered the passphrase I wanted to change > Entered the passphrase I wanted to change to and confirmed it > clicked "Change" and received the same error. ------------------------------------------ Workaround: The following command works as an alternative to changing the passphrase in "Disks": sudo cryptsetup luksChangeKey /dev/[partition] *where [partition] is the encrypted partition that you want to change the passphrase on. This is not ideal as our users will want to use "Disks" to change the passphrase. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-disk-utility/+bug/1790979/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp