prosit
June 29, 2022, 8:09pm
1
Some years ago I followed this guide to set up an encrypted partition on my usb disk attached to my openwrt (19.07) router.
I used it for a while, then I forgotten it.
Today I tried to remount the encrypted partition but I failed.
The following command:
cryptsetup open /dev/sda2 sda2
didn't create /dev/mapper/sda2
that is expected for the next command:
mount /dev/mapper/sda2 /mnt/part2
Thank you for any hint.
P.S.: if it can help:
# cryptsetup open /dev/sda2 sda2
Enter passphrase for /dev/sda2:
# ls /dev/mapper
control
See output of
cryptsetup -v open /dev/sda2 sda2
prosit
June 29, 2022, 8:44pm
3
# cryptsetup -v open /dev/sda2 sda2
Enter passphrase for /dev/sda2:
Command failed with code -1 (wrong or missing parameters).
Are you still running the same 19.07 firmware?
If not, have you updated your system to the same requirements as the wiki indicates?
Details are important. Is the drive visible in block info
or /etc/config/fstab
as /dev/sda2
? for a start.
prosit
June 30, 2022, 6:08am
5
I'm sure I've followed the crypto guide on 19.07. Maybe after that I've updated to a newer 19.07.x minor release.
Sorry, I'm unable to find the requirements in the wiki you cite.
Certainly.
# block info
/dev/mtdblock5: UUID="815b1260-3d758bad-d3a75a64-6ddca328" VERSION="4.0" MOUNT="/rom" TYPE="squashfs"
/dev/mtdblock6: MOUNT="/overlay" TYPE="jffs2"
/dev/sda1: UUID="52F716B71013xxxx" MOUNT="/mnt/sda1" TYPE="ntfs"
/dev/sda2: UUID="3eb58e45-7f67-4ae6-a9a7-b2aaa6d3xxxx" TYPE="crypto_LUKS"
P.S.: on another router with 21.02 release encryption does not work at all because package kmod-crypto-iv
is missing in repositories.
So, it seems that the last version does not support encryption anymore.
The wiki has not changed
opkg install kmod-crypto-ecb kmod-crypto-xts kmod-crypto-misc kmod-crypto-user cryptsetup
other than you noted that kmod-crypto-iv
no longer exists. Not an issue. Wiki needs an update.
No. It still works exactly per the wiki.
Did you take a header backup when you set it up?
What does luksDump
return?
This appears to show the /dev/mapper
is created by the open
What does block info
return right after issuing the open
?
OK, try something like:
cryptsetup -v open /dev/sda2 crsd
prosit
June 30, 2022, 8:19am
8
# cryptsetup -v open /dev/sda2 crsd
Enter passphrase for /dev/sda2:
Command failed with code -1 (wrong or missing parameters).
prosit
June 30, 2022, 8:27am
9
Obviouly I've installed all these packages since I've followed the wiki.
I've tried to create an encrypted container on a new 21.02 router following the wiki but I failed. Maybe I will open another thread for that.
No.
# luksdump
/bin/ash: luksdump: not found
# cryptsetup open /dev/sda2 sda2
Enter passphrase for /dev/sda2:
root@LEDE:/# block info
/dev/mtdblock5: UUID="815b1260-3d758bad-d3a75a64-6ddca328" VERSION="4.0" MOUNT="/rom" TYPE="squashfs"
/dev/mtdblock6: MOUNT="/overlay" TYPE="jffs2"
/dev/sda1: UUID="52F716B71013xxxx" TYPE="ntfs"
/dev/sda2: UUID="3eb58e45-7f67-4ae6-a9a7-b2aaa6d3xxxx" TYPE="crypto_LUKS"
LuksD ump /dev/sda2
FWIW, the one usb drive I have encrypted, is portable across 19.07, 21.02, 21.03, and Master
For the record, header backup is as important as your pass phrase towards successful recovery.
prosit
June 30, 2022, 1:18pm
11
# LuksDump /dev/sda2
/bin/ash: LuksDump: not found
# luksDump /dev/sda2
/bin/ash: luksDump: not found
# Luksdump /dev/sda2
/bin/ash: Luksdump: not found
Sorry, bad assumption on my part.
cryptsetup luksDump /dev/sda2
prosit
June 30, 2022, 2:04pm
13
You are welcome.
# cryptsetup luksDump /dev/sda2
LUKS header information for /dev/sda2
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha1
Payload offset: 65535
MK bits: 256
MK digest: cc 17 1a 10 63 7c b1 a4 fd 01 36 a4 94 e2 6f 87 74 ad c7 c2
MK salt: 4f ce f4 b5 ce 07 0c d8 a0 2f 8b 9e 9f 76 58 d2
c8 7a 46 dc 68 d4 47 a5 7c a5 a2 00 a1 66 7c a5
MK iterations: 93000
UUID: 3eb58e45-7f67-4ae6-a9a7-b2aaa6d3970f
Key Slot 0: ENABLED
Iterations: 359549
Salt: 29 9a bb a1 94 f8 b8 e7 79 be 3a 7e 3d 64 30 01
c5 2c 9c 76 a1 57 4d 32 be 94 39 a7 51 4b b2 b3
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
By the way, I'm going to open another thread for my other new router (21.02) where I am unable to complete the steps in the wiki.
cryptsetup -v luksOpen /dev/sda2 crsd
prosit
June 30, 2022, 3:23pm
15
Already asked, and already replied:
# cryptsetup -v open /dev/sda2 crsd
Enter passphrase for /dev/sda2:
Command failed with code -1 (wrong or missing parameters).