OpenWrt and luks decrypt

I want to decrypt with luks my extern HDD. I have installed cryptsetup. I get this error when I want uo decrypt:

root@OpenWrt:~# cryptsetup -v luksOpen /dev/sda1 tmp
Enter passphrase for /dev/sda1: 
device-mapper: reload ioctl on tmp (253:0) failed: No such file or directory
Command failed with code -4 (wrong device or file specified).

Do I miss a cipher?
my luksDump:

Version:        1
Cipher name:    aes
Cipher mode:    xts-essiv:sha256
Hash spec:      sha256
Payload offset: 4096
MK bits:        512
MK digest:      4e 27 3a e1 0e 4e 73 92 fc 10 46 36 78 37 60 a2 84 05 c4 d8 
MK salt:        be 94 98 ee 3c 25 1a 16 31 36 6e 83 bb 50 b0 10 
                03 c8 e4 ee 18 28 c4 1c ee 17 5d fc 0b b5 3a 56 
MK iterations:  55258
UUID:           f5ccce4c-4fa8-4da2-857e-b08e42e67682

Key Slot 0: ENABLED
        Iterations:             881156
        Salt:                   d1 8e b8 de 93 f6 32 96 e7 39 78 71 89 d4 36 a6 
                                6d 04 35 c4 7c 62 dd 98 1f fe f7 7b 20 de d2 93 
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

You could try specifying cipher, key size and hash algorithm explicitly e.g.:

cryptsetup open -c aes -s 256 -h ripemd160 <name> <dev>

I am curious though why you use tmp as your encrypted volume name.

1 Like

No, sorry. I got the same error.

/tmp was only for testing.

The reason I ask is that your luksDump shows Version 1. OpenWrt package repository provides Version 2 on recent builds.

Here is my current luksDump as an example.


cryptsetup luksDump /dev/sda1
LUKS header information
Version: 2
Epoch: 4
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: ad8c79dc-c8d4-4b34-a4e0-f5ec83ae9248
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)

Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]

0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 4
Memory: 92695
Threads: 2
Salt: e2 08 6d dd b6 f0 ac 3f 2f ea 92 48 35 f2 8f 72
ee a7 26 ed 3e 04 27 65 c9 ac 94 d8 fc 48 c5 5a
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
1: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 4
Memory: 92239
Threads: 2
Salt: 10 ba 84 93 93 66 4e 2b a5 78 8d d6 b7 4f 3b 88

luks Version 1, is not supported? But I can mount it on my Linux PCs, with Debian 11.

Yes, Version 1 is supported and I believe backward compatible with V2.

I didn't realize the encrypted drive was coming from a Linux distro.

So the question remains, did you install cryptsetup and the crypto kmods?


With OpenWrt 19.07.10 r11427-9ce6aa9d8d it works. I think a cipher is not in the repository of newer versions.
I think, this cipher is missing 'kmod-crypto-iv'

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.