** Also affects: gnome-disk-utility (Arch Linux)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-disk-utility in Ubuntu.
https://bugs.launchpad.net/bugs/1790979

Title:
  Unable to change disk decryption passphrase

Status in gnome-disk-utility package in Ubuntu:
  Confirmed
Status in gnome-disk-utility package in Arch Linux:
  New

Bug description:
  Versions:

  Ubuntu 18.04 LTS
  gnome-disk-utility 3.28.3-0ubuntu1~18.04.1

  ------------------------------------------

  What I'm trying to do:

  Change the disk decryption passphrase of a key in any slot other than
  slot 0 while there is an existing key in slot 0 (e.g. changing the
  disk decryption passphrase of slot 1) using gnome-disk-utility.

  Ran "Disks" > Selected my encrypted device partition > Clicked the
  gear icon > Selected "Change passphrase" > Entered the passphrase I
  wanted to change > Entered the passphrase I wanted to change to and
  confirmed it > clicked "Change".

  ------------------------------------------

  What I expected to happen:

  After clicking "Change" I expected to get no errors and have the
  passphrase I wanted to change to be valid to decrypt the disk.

  In the event of an error I expected the passphrase I was trying to
  change to still be valid to decrypt the disk.

  ------------------------------------------

  What is happening:

  I get an error message pop-up:

  Error changing passphrase

  Error changing passphrase on device /dev/sda2/:Failed to add the new
  passphrase: Invalid argument (udisks-error-quark, 0)

  And the key that I was trying to change gets deleted with no new key
  being added.

  ------------------------------------------

  (Before trying to change passphrase in key slot 2 using gnome-disk-
  utility)

  sudo cryptsetup luksDump /dev/sda2

  LUKS header information for /dev/sda2

  Version:              1
  Cipher name:          aes
  Cipher mode:          cbc-essiv:sha256
  Hash spec:            sha1
  Payload offset:       4096
  MK bits:              256
  MK digest:            0f 5d 66 ec 16 0b 0c f2 4b 0a 9f 99 28 41 59 64 e9 9d 75 64
  MK salt:              89 e5 16 e5 e0 5d f5 63 f6 ba 2b f1 df e8 e6 1d 
                        11 52 27 39 ff 87 4c 70 ab b7 49 a2 97 e0 46 41 
  MK iterations:        101875
  UUID:                 c5754fe4-0835-431f-996b-e2202c380d05

  Key Slot 0: ENABLED
        Iterations:             426666
        Salt:                   cb 25 fd 7d 14 ca af f1 6a 57 b9 b7 b8 7a 45 76 
                                9e 9b 3f ef 6a 3a e7 f6 18 24 7a 6e bb 0d 36 78 
        Key material offset:    8
        AF stripes:             4000
  Key Slot 1: ENABLED
        Iterations:             2074334
        Salt:                   c2 cc 91 12 25 f4 80 21 d2 fa 91 44 ef 02 04 3e 
                                6d d8 85 ef b2 39 fb c2 94 f1 62 ee db 79 3c ed 
        Key material offset:    264
        AF stripes:             4000
  Key Slot 2: ENABLED
        Iterations:             2090878
        Salt:                   47 fa 77 b7 f8 31 dc 48 ab 58 f7 25 a4 d5 c7 be 
                                35 a3 83 6a 4d 1d bb 24 1c 38 12 2d f1 15 40 7f 
        Key material offset:    520
        AF stripes:             4000
  Key Slot 3: DISABLED
  Key Slot 4: DISABLED
  Key Slot 5: DISABLED
  Key Slot 6: DISABLED
  Key Slot 7: DISABLED

  ------------------------------------------

  (After trying to change passphrase in key slot 2 using gnome-disk-
  utility)

  sudo cryptsetup luksDump /dev/sda2

  LUKS header information for /dev/sda2

  Version:              1
  Cipher name:          aes
  Cipher mode:          cbc-essiv:sha256
  Hash spec:            sha1
  Payload offset:       4096
  MK bits:              256
  MK digest:            0f 5d 66 ec 16 0b 0c f2 4b 0a 9f 99 28 41 59 64 e9 9d 75 64
  MK salt:              89 e5 16 e5 e0 5d f5 63 f6 ba 2b f1 df e8 e6 1d 
                        11 52 27 39 ff 87 4c 70 ab b7 49 a2 97 e0 46 41 
  MK iterations:        101875
  UUID:                 c5754fe4-0835-431f-996b-e2202c380d05

  Key Slot 0: ENABLED
        Iterations:             426666
        Salt:                   cb 25 fd 7d 14 ca af f1 6a 57 b9 b7 b8 7a 45 76 
                                9e 9b 3f ef 6a 3a e7 f6 18 24 7a 6e bb 0d 36 78 
        Key material offset:    8
        AF stripes:             4000
  Key Slot 1: ENABLED
        Iterations:             2074334
        Salt:                   c2 cc 91 12 25 f4 80 21 d2 fa 91 44 ef 02 04 3e 
                                6d d8 85 ef b2 39 fb c2 94 f1 62 ee db 79 3c ed 
        Key material offset:    264
        AF stripes:             4000
  Key Slot 2: DISABLED
  Key Slot 3: DISABLED
  Key Slot 4: DISABLED
  Key Slot 5: DISABLED
  Key Slot 6: DISABLED
  Key Slot 7: DISABLED

  ------------------------------------------

  Troubleshooting:

  I have found that:

  * Changing the passphrase of the key in slot 0 while there are
  existing keys in any other slot works as expected (the passphrase is
  changed and no errors occur)

  * Changing the passphrase of a key in any slot other than slot 0 while
  there is no existing key in slot 0 works as expected (the passphrase
  is changed and no errors occur)

  ------------------------------------------

  Replication:

  To rule out this bug being caused by the way we build computers with
  18.04 internally, I have installed Ubuntu 18.04 LTS on different
  hardware > set the disk to encrypted > added a key into slot 1 using:
  sudo cryptsetup luksAddKey /dev/sda5 > attempted to change said key by
  running "Disks" > Selected my encrypted device partition > Clicked the
  gear icon > Selected "Change passphrase" > Entered the passphrase I
  wanted to change > Entered the passphrase I wanted to change to and
  confirmed it > clicked "Change" and received the same error.

  ------------------------------------------

  Workaround:

  The following command works as an alternative to changing the
  passphrase in "Disks":

  sudo cryptsetup luksChangeKey /dev/[partition]

  *where [partition] is the encrypted partition that you want to change
  the passphrase on.

  This is not ideal as our users will want to use "Disks" to change the
  passphrase.
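
Added example, not part of the original report: a POSIX shell check that compares `cryptsetup luksDump` output saved before and after a passphrase change and reports key slots that went from ENABLED to DISABLED, as slot 2 did above. The function names and the temporary sample files are assumptions of this example; the sample lines are abbreviated from the two dumps in the report.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes the LUKS1 luksDump text
# layout shown above ("Key Slot N: ENABLED"); all names here are illustrative.

# Print the numbers of ENABLED key slots found in luksDump text on stdin.
enabled_slots() {
    sed -n 's/^[[:space:]]*Key Slot \([0-7]\): ENABLED[[:space:]]*$/\1/p'
}

# lost_slots BEFORE AFTER: print slots ENABLED in BEFORE but not in AFTER.
lost_slots() {
    after=$(enabled_slots < "$2" | tr '\n' ' ')
    for slot in $(enabled_slots < "$1"); do
        case " $after " in
            *" $slot "*) ;;
            *) echo "$slot" ;;
        esac
    done
}

# verify_change BEFORE AFTER: a passphrase change replaces one key, so the
# number of ENABLED slots must not drop. Returns 1 if a key was lost.
verify_change() {
    n_before=$(enabled_slots < "$1" | wc -l)
    n_after=$(enabled_slots < "$2" | wc -l)
    if [ "$n_after" -lt "$n_before" ]; then
        echo "key slot(s) lost: $(lost_slots "$1" "$2" | tr '\n' ' ')"
        return 1
    fi
    echo "ok: $n_after slot(s) still enabled"
}

# Sample input: key-slot lines abbreviated from the two dumps in the report.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/before.txt" <<'EOF'
  Key Slot 0: ENABLED
        Iterations:             426666
  Key Slot 1: ENABLED
  Key Slot 2: ENABLED
  Key Slot 3: DISABLED
EOF
cat > "$demo_dir/after.txt" <<'EOF'
  Key Slot 0: ENABLED
  Key Slot 1: ENABLED
  Key Slot 2: DISABLED
  Key Slot 3: DISABLED
EOF
verify_change "$demo_dir/before.txt" "$demo_dir/after.txt" || echo "re-add the key with cryptsetup luksAddKey"
```

On a real device, save the output of `sudo cryptsetup luksDump /dev/sda2` to a file before and after the change and pass both files to `verify_change`.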
