Join Log in
Score:0
avatar Server

Can't Open Existing Luks File on New Computer Using Cryptsetup

ve flag
Tom Purl

I have an encrypted partition called keys.img that I have used for years. Here's how I've always decrypted and mounted it:

sudo cryptsetup open --type luks mykeys.img mykeys
sudo mount /dev/mapper/mykeys /mnt/mykeys

I recently restored a backup of this file to a new computer running KDE Neon (which is based on Ubuntu 20.04). When I try the same commands on the new computer I get the following error:

  • No key available with this passphrase

The funny thing is, I'm able to decrypt the exact same file on a Debian server running version 10. So I think I'm missing something with the newer OS or kernel.

Here's what I've tried:

  1. Passwords: I'm not typing the password in either case, I'm copying and pasting it in. That leads me to believe that it's not a password issue.
  2. Checksum: Both copies of the mykeys.img file have the exact same md5sum hash
  3. Reboots: I've done that a few times
  4. initramfs: I saw a few posts stating that this should be regenerated. I therefore ran sudo update-initramfs -u and got this output:
W: Possible missing firmware /lib/firmware/i915/skl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/bxt_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/glk_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/cml_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/icl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/ehl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/ehl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/tgl_huc_7.5.0.bin for module i915
W: Possible missing firmware /lib/firmware/i915/tgl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/tgl_huc_7.5.0.bin for module i915
W: Possible missing firmware /lib/firmware/i915/tgl_guc_49.0.1.bin for module i915
W: Possible missing firmware /lib/firmware/i915/dg1_dmc_ver2_02.bin for module i915

I then rebooted and nothing changed.

Does anyone see what I might be missing?

Here's the debug output when I try to open the mykeys.img file btw:

# cryptsetup 2.2.2 processing "cryptsetup open --debug --type luks /home/tom/Pam-Syncthing-Root/vault/images/mykeys.img mykeys"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /home/tom/Pam-Syncthing-Root/vault/images/mykeys.img.
# Trying to open and read device /home/tom/Pam-Syncthing-Root/vault/images/mykeys.img with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /home/tom/Pam-Syncthing-Root/vault/images/mykeys.img.
# Crypto backend (OpenSSL 1.1.1f  31 Mar 2020) initialized in cryptsetup library version 2.2.2.
# Detected kernel Linux 5.11.0-41-generic x86_64.
# PBKDF pbkdf2-sha256, time_ms 2000 (iterations 0).
# Reading LUKS header of size 1024 from device /home/tom/Pam-Syncthing-Root/vault/images/mykeys.img
# Key length 32, device size 24576 sectors, header size 2050 sectors.
# Activating volume mykeys.img using token -1.
# Interactive passphrase entry requested.
Enter passphrase for /home/tom/Pam-Syncthing-Root/vault/images/mykeys.img: 
# Activating volume keys4s3.img [keyslot -1] using passphrase.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.43.0.
# Device-mapper backend running with UDEV support enabled.
# dm status keys4s3.img  [ opencount noflush ]   [16384] (*1)
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Reusing open ro fd on device /home/tom/Pam-Syncthing-Root/vault/images/mykeys.img
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase. 
# Interactive passphrase entry requested.
53
0 + 0
user10489 avatar
nc flag
user10489
Presuming you've already checked for stupid stuff like typos, stuck keys, and strange keyboard layouts that would cause an incorrect password, my next guess would be a missing encryption algorithm.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.