dyne / tomb

the Crypto Undertaker
https://dyne.org/software/tomb
GNU General Public License v3.0

Changed key passphrase. Now I can't open tomb! #264

Closed (tombraidr closed this 7 years ago)

tombraidr commented 7 years ago

Changed key passphrase. Now I can't open tomb.

Tried changing key passphrase to what it was before. Didn't help.

HELP! What can I do? Thanks

roddhjav commented 7 years ago

There is not enough data to help you here. What are the commands you used?

tombraidr commented 7 years ago

@roddhjav

I'm sorry I didn't provide any command. Here's what I remember I did:

# Change passphrase
tomb passwd -k secret.tomb.key 
# Open tomb 
tomb open -k secret.tomb.key secret.tomb -D # tomb is on an internal drive (not external)

tomb [D] Identified caller: root (0:0)
tomb [D] Tomb command: open secret.tomb
tomb [D] Caller: uid[0], gid[0], tty[/dev/pts/2].
tomb [D] Temporary directory: /tmp/zsh
tomb  .  Commanded to open tomb secret.tomb
tomb [D] is_valid_tomb secret.tomb
tomb [D] tomb file is readable
tomb [D] tomb file is a regular file
tomb [D] tomb file is not empty
tomb [D] tomb file is not currently in use
tomb  .  Valid tomb file found: secret.tomb
tomb [D] load_key argument: secret.tomb.key
tomb [D] load_key: secret.tomb.key
tomb [D] is_valid_key
tomb  .  Key is valid.
tomb  .  Mountpoint not specified, using default: /media/secret
tomb (*) Opening secret on /media/secret
tomb  .  This tomb is a valid LUKS encrypted device.
tomb  .  Cipher is "aes" mode "xts-plain64:sha256" hash "sha1"
tomb [D] dev mapper device: tomb.secret.1496399069.loop1
tomb [D] Tomb key: secret.tomb.key
tomb [D] Tomb name: secret (to be engraved)
tomb  .  A password is required to use key secret.tomb.key
tomb [D] asking password with tty=/dev/pts/2 lc-ctype=en_GB.UTF-8
tomb [D] using pinentry-curses
tomb [W] Detected DISPLAY, but only pinentry-curses is found.
tomb [D] get_lukskey
tomb [D] Created tempfile: /tmp/zsh/137391719910614975
tomb [D] gpg: AES256 encrypted data
tomb [D] [GNUPG:] NEED_PASSPHRASE_SYM 9 3 2
tomb [D] gpg: encrypted with 1 passphrase
tomb [D] [GNUPG:] BEGIN_DECRYPTION
tomb [D] [GNUPG:] DECRYPTION_INFO 2 9
tomb [D] [GNUPG:] PLAINTEXT 62 1496398364 
tomb [D] [GNUPG:] DECRYPTION_OKAY
tomb [D] [GNUPG:] GOODMDC
tomb [D] [GNUPG:] END_DECRYPTION
tomb [D] get_lukskey returns 0
tomb  .  Password OK.
No key available with this passphrase.
tomb [E] Failure mounting the encrypted file.

It says 'Password OK' and 'No key available with passphrase'. That sounds kind of contradictory to me.

Thanks!

tombraidr commented 7 years ago

@roddhjav

I updated and edited my previous post with the debugging flag on (i.e. -D).

roddhjav commented 7 years ago

Your passphrase for this key seems to be good; however, this key is not the one linked to the tomb. What command did you use: tomb passwd and/or tomb setkey?

tombraidr commented 7 years ago

@roddhjav

I used 'passwd'. I was not even aware of setkey until a few moments ago.

roddhjav commented 7 years ago

Can you create a new test tomb and key, change the password and post the result here?

roddhjav commented 7 years ago

Something like:

tomb dig -s 10 test.tomb
tomb forge test.tomb.key
tomb lock test.tomb -k test.tomb.key
tomb passwd -k test.tomb.key
tomb open  test.tomb -k test.tomb.key

jaromil commented 7 years ago

Given the vagueness of the report and the presence of integration tests around this particular case, I think we can safely consider this not to be a tomb bug, unless the system where this is performed has some particularities we should be taking into account, but I doubt it.

jaromil commented 7 years ago

@tombraidr can you run sudo make test in tomb's source directory? The very final lines of the result should report a summary of all tests that you can paste here.

tombraidr commented 7 years ago

@roddhjav

Thanks. I followed your suggestion, but I could open the tomb even after changing the passphrase.

One thing I noticed is that the key that fails is 890 bytes long. Other keys I have are all 894 bytes long.

tombraidr commented 7 years ago

@roddhjav

By the way, this is my tomb version:

tomb -v
  Tomb 2.4 - a strong and gentle undertaker for your secrets

   Copyright (C) 2007-2017 Dyne.org Foundation, License GNU GPL v3+
   This is free software: you are free to change and redistribute it
   For the latest sourcecode go to <http://dyne.org/software/tomb>

   This source code is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
   When in need please refer to <http://dyne.org/support>.

  System utils:

  Sudo version 1.8.5p2
  cryptsetup 1.4.3
  pinentry-curses (pinentry) 0.8.1
  gpg (GnuPG) 1.4.12 - key forging algorithms (GnuPG symmetric ciphers):
  /usr/bin/gpg
 3DES CAST5 BLOWFISH AES AES192 AES256 TWOFISH CAMELLIA128 CAMELLIA192 CAMELLIA256

  Optional utils:

  /usr/bin/gettext
  /usr/bin/dcfldd
  wipe not found
  /usr/bin/steghide
  /sbin/resize2fs
  tomb-kdb-pbkdf2 not found
  /usr/bin/qrencode
  swish-e not found
  /usr/bin/unoconv

tombraidr commented 7 years ago

@roddhjav

This is the output I get when I check the key.

gpg -d secret.tomb.key | hexdump -c 
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase

tombraidr commented 7 years ago

@roddhjav

And finally (for now), this is the output of:

lo=$(losetup -f)
losetup -f secret.tomb
pass=$(gpg -d secret.tomb.key)
echo -ne "$pass" | cryptsetup --debug --key-file - luksOpen $lo secret

# cryptsetup 1.4.3 processing "cryptsetup --debug --key-file - luksOpen /dev/loop4 secret"
# Running command luksOpen.
# Locking memory.
# Allocating crypt device /dev/loop4 context.
# Trying to open and read device /dev/loop4.
# Initialising device-mapper backend, UDEV is enabled.
# Detected dm-crypt version 1.11.1, dm-ioctl version 4.22.0.
# Trying to load LUKS1 crypt type from device /dev/loop4.
# Crypto backend (gcrypt 1.5.0) initialized.
# Reading LUKS header of size 1024 from device /dev/loop4
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Password retry count set to 1.
# Activating volume secret [keyslot -1] using keyfile -.
# dm status secret  OF   [16384] (*1)
# STDIN descriptor passphrase entry requested.
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-11287
# Udev cookie 0xd4df637 (semid 1277960) created
# Udev cookie 0xd4df637 (semid 1277960) incremented to 1
# Udev cookie 0xd4df637 (semid 1277960) incremented to 2
# Udev cookie 0xd4df637 (semid 1277960) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm create temporary-cryptsetup-11287 CRYPT-TEMP-temporary-cryptsetup-11287 OF   [16384] (*1)
# dm reload temporary-cryptsetup-11287  OFRW    [16384] (*1)
# dm resume temporary-cryptsetup-11287  OFRW    [16384] (*1)
# temporary-cryptsetup-11287: Stacking NODE_ADD (254,1) 0:6 0660 [verify_udev]
# temporary-cryptsetup-11287: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4df637 (semid 1277960) decremented to 1
# Udev cookie 0xd4df637 (semid 1277960) waiting for zero
# Udev cookie 0xd4df637 (semid 1277960) destroyed
# temporary-cryptsetup-11287: Processing NODE_ADD (254,1) 0:6 0660 [verify_udev]
# temporary-cryptsetup-11287: Processing NODE_READ_AHEAD 256 (flags=1)
# temporary-cryptsetup-11287 (254:1): read ahead is 256
# temporary-cryptsetup-11287 (254:1): Setting read ahead to 256
# Udev cookie 0xd4de5c6 (semid 1310728) created
# Udev cookie 0xd4de5c6 (semid 1310728) incremented to 1
# Udev cookie 0xd4de5c6 (semid 1310728) incremented to 2
# Udev cookie 0xd4de5c6 (semid 1310728) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-11287  OFT    [16384] (*1)
# temporary-cryptsetup-11287: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4de5c6 (semid 1310728) decremented to 1
# Udev cookie 0xd4de5c6 (semid 1310728) waiting for zero
# Udev cookie 0xd4de5c6 (semid 1310728) destroyed
# temporary-cryptsetup-11287: Processing NODE_DEL [verify_udev]
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
# Releasing crypt device /dev/loop4 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 1: No key available with this passphrase.

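The two lines that looked contradictory come from two different layers: gpg's "Password OK" only says the key file's own passphrase decrypted it, while cryptsetup's "No key available" means no active LUKS key slot accepts the decrypted key material. As an added example (not code from this thread or from tomb), the following parses the 592-byte LUKS1 header cryptsetup reads above, lists which of the 8 slots are active (the rest are skipped as [INACTIVE]), and performs the final master-key digest comparison that decides acceptance; the per-slot key unwrapping (slot PBKDF2 plus anti-forensic merge) is omitted, and the header, UUID and master key are constructed test data.

```python
import hashlib
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
KEY_ENABLED, KEY_DISABLED = 0x00AC71F3, 0x0000DEAD
# struct luks_phdr (592 bytes, big-endian): fixed part followed by 8 key slots of 48 bytes each
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")

def _cstr(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(blob):
    """Return cipher parameters, master-key digest data and the state of all 8 key slots."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("blob shorter than a LUKS1 header")
    (magic, version, cipher, mode, hashspec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid) = PHDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        active, iters, salt, _km_off, _stripes = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)
        slots.append({"slot": i, "active": active == KEY_ENABLED, "iterations": iters, "salt": salt})
    return {"cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hashspec),
            "payload_offset": payload_off, "key_bytes": key_bytes, "uuid": _cstr(uuid),
            "mk_digest": mk_digest, "mk_salt": mk_salt, "mk_iterations": mk_iter, "slots": slots}

def active_slots(hdr):
    """Slots cryptsetup will actually try; any other slot is skipped as [INACTIVE]."""
    return [s["slot"] for s in hdr["slots"] if s["active"]]

def master_key_matches(hdr, master_key):
    """Final acceptance check: PBKDF2(hash, master key, mk salt, mk iterations) must equal the stored digest."""
    digest = hashlib.pbkdf2_hmac(hdr["hash"], master_key, hdr["mk_salt"], hdr["mk_iterations"], 20)
    return digest == hdr["mk_digest"]

def build_sample_header(master_key):
    """Constructed test vector: aes / xts-plain64 / sha1 like the tomb in this thread, slot 0 active, 1-7 inactive."""
    salt = bytes(range(32))
    digest = hashlib.pbkdf2_hmac("sha1", master_key, salt, 1000, 20)
    fixed = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, len(master_key),
                      digest, salt, 1000, b"11111111-2222-3333-4444-555555555555")
    slots = SLOT.pack(KEY_ENABLED, 50000, bytes(32), 8, 4000)
    slots += b"".join(SLOT.pack(KEY_DISABLED, 0, bytes(32), 0, 0) for _ in range(7))
    return fixed + slots
```

On a real tomb the header is the first 592 bytes of the container file; a correct passphrase on the key file that still yields a digest mismatch is exactly the situation the debug log above shows.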
tombraidr commented 7 years ago

I'm closing this. It seems the data is now in possession of the Prince of Darkness (i.e. lost forever and ever). Oh, well.