Public bug reported:
Versions:
Ubuntu 18.04 LTS
gnome-disk-utility 3.28.3-0ubuntu1~18.04.1
------------------------------------------
What I'm trying to do:
Change the disk decryption passphrase of key in any slot other than slot
0 while there is an existing key in slot 0 (e.g. changing the disk
decryption passphrase of slot 1) using gnome-disk-utility.
Ran "Disks" > Selected my encrypted device partition > Clicked the gear
icon > Selected "Change passphrase" > Entered the passphrase I wanted to
change > Entered the passphrase I wanted to change to and confirmed it >
clicked "Change".
------------------------------------------
What I expected to happen:
After clicking "Change" I expected to get no errors and have the
passphrase I wanted to change to be valid to decrypt the disk.
In the event of an error I expected the passphrase I was trying to
change to still be valid to decrypt the disk.
------------------------------------------
What is happening:
I get an error message pop-up:
Error changing passphrase
Error changing passphrase on device /dev/sda2/:Failed to add the new
passphrase: Invalid argument (udisks-error-quark, 0)
And the key that I was trying to change gets deleted with no new key
being added.
------------------------------------------
(Before trying to change passphrase in key slot 2 using gnome-disk-
utility)
sudo cryptsetup luksDump /dev/sda2
LUKS header information for /dev/sda2
Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 4096
MK bits: 256
MK digest: 0f 5d 66 ec 16 0b 0c f2 4b 0a 9f 99 28 41 59 64 e9 9d 75 64
MK salt: 89 e5 16 e5 e0 5d f5 63 f6 ba 2b f1 df e8 e6 1d
11 52 27 39 ff 87 4c 70 ab b7 49 a2 97 e0 46 41
MK iterations: 101875
UUID: c5754fe4-0835-431f-996b-e2202c380d05
Key Slot 0: ENABLED
Iterations: 426666
Salt: cb 25 fd 7d 14 ca af f1 6a 57 b9 b7 b8 7a 45 76
9e 9b 3f ef 6a 3a e7 f6 18 24 7a 6e bb 0d 36 78
Key material offset: 8
AF stripes: 4000
Key Slot 1: ENABLED
Iterations: 2074334
Salt: c2 cc 91 12 25 f4 80 21 d2 fa 91 44 ef 02 04 3e
6d d8 85 ef b2 39 fb c2 94 f1 62 ee db 79 3c ed
Key material offset: 264
AF stripes: 4000
Key Slot 2: ENABLED
Iterations: 2090878
Salt: 47 fa 77 b7 f8 31 dc 48 ab 58 f7 25 a4 d5 c7 be
35 a3 83 6a 4d 1d bb 24 1c 38 12 2d f1 15 40 7f
Key material offset: 520
AF stripes: 4000
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
------------------------------------------
(After trying to change passphrase in key slot 2 using gnome-disk-
utility)
sudo cryptsetup luksDump /dev/sda2
LUKS header information for /dev/sda2
Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 4096
MK bits: 256
MK digest: 0f 5d 66 ec 16 0b 0c f2 4b 0a 9f 99 28 41 59 64 e9 9d 75 64
MK salt: 89 e5 16 e5 e0 5d f5 63 f6 ba 2b f1 df e8 e6 1d
11 52 27 39 ff 87 4c 70 ab b7 49 a2 97 e0 46 41
MK iterations: 101875
UUID: c5754fe4-0835-431f-996b-e2202c380d05
Key Slot 0: ENABLED
Iterations: 426666
Salt: cb 25 fd 7d 14 ca af f1 6a 57 b9 b7 b8 7a 45 76
9e 9b 3f ef 6a 3a e7 f6 18 24 7a 6e bb 0d 36 78
Key material offset: 8
AF stripes: 4000
Key Slot 1: ENABLED
Iterations: 2074334
Salt: c2 cc 91 12 25 f4 80 21 d2 fa 91 44 ef 02 04 3e
6d d8 85 ef b2 39 fb c2 94 f1 62 ee db 79 3c ed
Key material offset: 264
AF stripes: 4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
------------------------------------------
Troubleshooting:
I have found that:
* Changing the passphrase of the key in slot 0 while there are existing
keys in any other slot works as expected (the passphrase is changed and
no errors occur)
* Changing the passphrase of a key in any slot other than slot 0 while
there is no existing key in slot 0 works as expected (the passphrase is
changed and no errors occur)
------------------------------------------
Replication:
To rule out this bug being caused by the way we build computers with
18.04 internally, I have installed Ubuntu 18.04 LTS on different
hardware > set the disk to encrypted > added a key into slot 1 using:
sudo cryptsetup luksAddKey /dev/sda5 > attempted to change said key by
running "Disks" > Selected my encrypted device partition > Clicked the
gear icon > Selected "Change passphrase" > Entered the passphrase I
wanted to change > Entered the passphrase I wanted to change to and
confirmed it > clicked "Change" and received the same error.
------------------------------------------
Workaround:
The following command works as an alternative to changing the passphrase
in "Disks":
sudo cryptsetup luksChangeKey /dev/[partition]
*where [partition] is the encrypted partition that you want to change
the passphrase on.
This is not ideal as our users will want to use "Disks" to change the
passphrase.
** Affects: gnome-disk-utility (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1790979
Title:
Unable to change disk decryption passphrase
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-disk-utility/+bug/1790979/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
