dyne / tomb

the Crypto Undertaker
https://dyne.org/software/tomb
GNU General Public License v3.0

Error locking the tomb #400

Closed henrydenhengst closed 3 years ago

henrydenhengst commented 3 years ago

Using Debian 10, all patched. Linux debian-01 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux

**Tomb 2.5** - a strong and gentle undertaker for your secrets

   Copyright (C) 2007-2017 Dyne.org Foundation, License GNU GPL v3+
   This is free software: you are free to change and redistribute it
   For the latest sourcecode go to <http://dyne.org/software/tomb>

   This source code is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
   When in need please refer to <http://dyne.org/support>.

  System utils:

  **Sudo version 1.8.27**
  **cryptsetup 2.1.0**
  **pinentry-gtk2 (pinentry) 1.1.0**
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
  **findmnt from util-linux 2.33.1**
  **gpg (GnuPG) 2.2.12** - key forging algorithms (GnuPG symmetric ciphers):
  /usr/bin/gpg
 IDEA 3DES CAST5 BLOWFISH AES AES192 AES256 TWOFISH CAMELLIA128 CAMELLIA192 CAMELLIA256

  Optional utils:

  /usr/bin/gettext
  /usr/bin/dcfldd
  /usr/bin/shred
  /usr/bin/steghide
  /usr/sbin/resize2fs
  tomb-kdb-pbkdf2 not found
  /usr/bin/qrencode
  /usr/bin/swish-e
  /usr/bin/unoconv
  /usr/bin/lsof

I tried debug mode to see what goes wrong?!

cryptsetup luksFormat returned an error. Can anyone tell me if those errors are logged? If yes, where? Should I go outside the Debian repo and use GitHub instead? Or can I just fix this?

```
root@debian-01:/home/henry/Downloads# tomb lock xxxxx.xxx -k xxxxx.xxx.key -D
tomb [D] Identified caller: henry (1000:1000)
tomb [D] Updating HOME to match user's: /home/henry (was /root)
tomb [D] Tomb command: lock xxxxx.xxx
tomb [D] Caller: uid[1000], gid[1000], tty[/dev/pts/1].
tomb [D] Temporary directory: /tmp/zsh
tomb . Commanded to lock tomb xxxxx.xxx
tomb [D] Tomb found: xxxxx.xxx
tomb [D] Loop mounted on /dev/loop2
tomb . Checking if the tomb is empty (we never step on somebody else's bones).
tomb . Fine, this tomb seems empty.
tomb [D] load_key argument: xxxxx.xxx.key
tomb [D] load_key: xxxxx.xxx.key
tomb [D] is_valid_key
tomb . Key is valid.
tomb . Locking using cipher: aes-xts-plain64:sha256
tomb . A password is required to use key xxxxx.xxx.key
tomb [D] asking password with tty=/dev/pts/1 lc-ctype=nl_NL.UTF-8
tomb [D] using pinentry-gtk2
tomb [D] get_lukskey
tomb [D] Created tempfile: /tmp/zsh/1433815018743113933
tomb [D] gpg: AES256 encrypted data
tomb [D] [GNUPG:] NEED_PASSPHRASE_SYM 9 3 2
tomb [D] gpg: encrypted with 1 passphrase
tomb [D] [GNUPG:] BEGIN_DECRYPTION
tomb [D] [GNUPG:] DECRYPTION_COMPLIANCE_MODE 23
tomb [D] [GNUPG:] DECRYPTION_INFO 2 9
tomb [D] [GNUPG:] PLAINTEXT 62 1608378973
tomb [D] [GNUPG:] DECRYPTION_OKAY
tomb [D] [GNUPG:] GOODMDC
tomb [D] [GNUPG:] END_DECRYPTION
tomb [D] get_lukskey returns 0
tomb . Password OK.
tomb (*) Locking xxxxx.xxx with xxxxx.xxx.key
tomb . Formatting Luks mapped device.
tomb [W] cryptsetup luksFormat returned an error.
tomb [E] Operation aborted.
```

jaromil commented 3 years ago

@henrydenhengst You need to use at least tomb 2.6 to work with cryptsetup 2. Someone should update the package in Debian. This is our ChangeLog:

2.6

May 2019

This release adds new features and provides an important fix for usage of Tomb with cryptsetup 2.1 and future versions; it also fixes a whitespace bug in KDF passwords, all fixes are documented in KNOWN_BUGS. A notable new feature is the libsphinx integration for password-authenticated key agreement (PAKE). Another feature is the integration of cloakify to support new cloak/uncloak commands that hide keys inside long text files. Also support for gpg sub-keys has been added and overall gpg asymmetric key protection is improved.
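The version rule from this reply, as an added example that is not part of the thread or of Tomb itself: a shell pre-flight check that flags a Tomb older than 2.6 paired with cryptsetup 2.x before a `lock` is attempted. The function names are hypothetical, `sort -V` from GNU coreutils is assumed, and the live invocation in the final comment assumes `tomb -v` prints the banner shown in the report.

```shell
#!/bin/sh
# Added example: pre-flight check for the Tomb / cryptsetup pairing
# discussed in this thread. Threshold taken from the reply above:
# Tomb needs to be at least 2.6 to work with cryptsetup 2.

# extract_version TEXT -> first dotted number found in TEXT
# ("cryptsetup 2.1.0" -> "2.1.0", "**Tomb 2.5** - ..." -> "2.5")
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge A B -> succeeds when A >= B (assumes GNU sort -V)
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_tomb_cryptsetup TOMB_BANNER CRYPTSETUP_BANNER
# Prints a verdict. Returns 0 (no conflict known from this thread),
# 1 (Tomb too old for cryptsetup 2.x), 2 (versions not parseable).
check_tomb_cryptsetup() {
    tomb_v=$(extract_version "$1")
    cs_v=$(extract_version "$2")
    if [ -z "$tomb_v" ] || [ -z "$cs_v" ]; then
        echo "unknown: could not parse versions"
        return 2
    fi
    if version_ge "$cs_v" "2.0" && ! version_ge "$tomb_v" "2.6"; then
        echo "incompatible: tomb $tomb_v with cryptsetup $cs_v (need tomb >= 2.6)"
        return 1
    fi
    echo "ok: tomb $tomb_v with cryptsetup $cs_v"
    return 0
}

# Version strings as they appear in the report above.
check_tomb_cryptsetup "Tomb 2.5 - a strong and gentle undertaker" \
    "cryptsetup 2.1.0" || true

# Live use (assumption: `tomb -v` prints the banner shown in the report):
#   check_tomb_cryptsetup "$(tomb -v 2>&1)" "$(cryptsetup --version)"
```

Run before `tomb lock` on a packaged install, the check reports the mismatch that otherwise shows up only as `cryptsetup luksFormat returned an error`.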

henrydenhengst commented 3 years ago

Thanks, version 2.6 works like a charm.

jaromil commented 3 years ago

@henrydenhengst Neat! Thanks for reporting. I have clues why 2.8.1 fails, preparing a new minor bugfix as we speak. It would be useful to know what version of Debian you are using, so I can try to reproduce and make sure it is fixed.