I want to decrypt with luks my extern HDD. I have installed cryptsetup. I get this error when I want uo decrypt:
root@OpenWrt:~# cryptsetup -v luksOpen /dev/sda1 tmp
Enter passphrase for /dev/sda1:
device-mapper: reload ioctl on tmp (253:0) failed: No such file or directory
Command failed with code -4 (wrong device or file specified).
Do I miss a cipher?
my luksDump:
Version: 1
Cipher name: aes
Cipher mode: xts-essiv:sha256
Hash spec: sha256
Payload offset: 4096
MK bits: 512
MK digest: 4e 27 3a e1 0e 4e 73 92 fc 10 46 36 78 37 60 a2 84 05 c4 d8
MK salt: be 94 98 ee 3c 25 1a 16 31 36 6e 83 bb 50 b0 10
03 c8 e4 ee 18 28 c4 1c ee 17 5d fc 0b b5 3a 56
MK iterations: 55258
UUID: f5ccce4c-4fa8-4da2-857e-b08e42e67682
Key Slot 0: ENABLED
Iterations: 881156
Salt: d1 8e b8 de 93 f6 32 96 e7 39 78 71 89 d4 36 a6
6d 04 35 c4 7c 62 dd 98 1f fe f7 7b 20 de d2 93
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
HTMofDreams:
Do I miss a cipher?
You could try specifying cipher, key size and hash algorithm explicitly e.g.:
cryptsetup open -c aes -s 256 -h ripemd160 <name> <dev>
I am curious though why you use tmp
as your encrypted volume name.
1 Like
No, sorry. I got the same error.
/tmp was only for testing.
The reason I ask is that your luksDump
shows Version 1. OpenWrt package repository provides Version 2 on recent builds.
Here is my current luksDump
as an example.
Summary
cryptsetup luksDump /dev/sda1
LUKS header information
Version: 2
Epoch: 4
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: ad8c79dc-c8d4-4b34-a4e0-f5ec83ae9248
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 4
Memory: 92695
Threads: 2
Salt: e2 08 6d dd b6 f0 ac 3f 2f ea 92 48 35 f2 8f 72
ee a7 26 ed 3e 04 27 65 c9 ac 94 d8 fc 48 c5 5a
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
1: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 4
Memory: 92239
Threads: 2
Salt: 10 ba 84 93 93 66 4e 2b a5 78 8d d6 b7 4f 3b 88
---TRUNCATED---
luks Version 1, is not supported? But I can mount it on my Linux PCs, with Debian 11.
Yes, Version 1 is supported and I believe backward compatible with V2.
I didn't realize the encrypted drive was coming from a Linux distro.
So the question remains, did you install cryptsetup and the crypto kmods?
kmod-crypto-ecb
kmod-crypto-xts
kmod-crypto-misc
kmod-crypto-user
cryptsetup
With OpenWrt 19.07.10 r11427-9ce6aa9d8d it works. I think a cipher is not in the repository of newer versions.
I think, this cipher is missing 'kmod-crypto-iv'
system
Closed
July 11, 2022, 7:28pm
8
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.