mhogomchungu / zuluCrypt

zuluCrypt is a front end to cryptsetup and tcplay and it allows easy management of encrypted block devices
https://mhogomchungu.github.io/zuluCrypt

LUKS2 volume creation fails #114

Closed HulaHoopWhonix closed 5 years ago

HulaHoopWhonix commented 5 years ago

I tried creating LUKS2 volumes on Debian Buster but it errors out without explanation. I have the cryptsetup binaries installed. Any idea if it is a missing dependency or a bug in ZC?

mhogomchungu commented 5 years ago

Run the command below from root's terminal and report its output:

zuluCrypt-cli --test

HulaHoopWhonix commented 5 years ago

Output:

user@host:~$ zuluCrypt-cli --test

WARNING: "loop" kernel module does not appear to be loaded,
tests and opening of encrypted containers in files will fail if the module was not built into the kernel

creating a testing image file
creating a testing image file
creating a testing image file
creating a keyfile
creating a keyfile

create a luks type volume using a key: FAILED
user@host:~$ sudo modprobe -f loop
user@host:~$ zuluCrypt-cli --test
creating a testing image file
creating a testing image file
creating a testing image file
creating a keyfile
creating a keyfile

create a luks type volume using a key: FAILED

mhogomchungu commented 5 years ago

You were supposed to run the command from root's account.

Is your system fully updated? There was a version of zuluCrypt in Debian Buster that was not working for people, and the problem was fixed later on.

HulaHoopWhonix commented 5 years ago

I updated the apt sources and redownloaded zulucrypt-gui. Tested it with LUKS2, same problem. Ran the test as root with the output below. Am I right to say it doesn't test the second LUKS version?

root@host:/home/user# zuluCrypt-cli --test
creating a testing image file
creating a testing image file
creating a testing image file
creating a keyfile
creating a keyfile

create a luks type volume using a key: password
PASSED

check if a luks volume is a luks volume: PASSED

create luks header backup: PASSED

restore luks header from backup: PASSED

create a plain type volume using a key: PASSED

create a tcrypt type volume using a key: PASSED

open a plain volume with a key: PASSED
closing a plain volume: PASSED

open a plain volume with a keyfile: PASSED
closing a plain volume: PASSED

open a tcrypt volume with a key: PASSED
closing a tcrypt volume: PASSED

test plugin not found,skip plain volume opening with a plugin

open a luks volume with a key: PASSED
closing a luks volume: PASSED

open a luks volume with a keyfile: PASSED
closing a luks volume: PASSED

test plugin not found,skip luks volume opening with a plugin

check key slots in use: 30000000

add a key to a luks volume using a key and a key: PASSED
add key to luks volume using keyfile and keyfile: PASSED
add key to luks volume using passphrase and keyfile: PASSED
add key to luks volume using keyfile and passphrase: PASSED

check key slots in use: 11111000

remove a key from a luks volume using a key: PASSED
remove a key from a luks volume using a keyfile: PASSED
check key slots in use: 01011000

check if there are no opened mappers: PASSED
root@host:/home/user# password
WARNING:root:could not open file '/etc/apt/sources.list'

password: command not found

mhogomchungu commented 5 years ago

From root's terminal, run these commands and post the output of the second command:

  1. truncate -s 50M luks.img
  2. cryptsetup -v --debug luksFormat luks.img --type=LUKS2 --pbkdf=argon2i --pbkdf-parallel=4 --pbkdf-memory=1024 --sector-size=512
  3. rm -rf luks.img

HulaHoopWhonix commented 5 years ago

root@host:/home/user# truncate -s 50M luks.img
root@host:/home/user# cryptsetup -v --debug luksFormat luks.img --type=LUKS2 --pbkdf=argon2i --pbkdf-parallel=4 --pbkdf-memory=1024 --sector-size=512
# cryptsetup 2.1.0 processing "cryptsetup -v --debug luksFormat luks.img --type=LUKS2 --pbkdf=argon2i --pbkdf-parallel=4 --pbkdf-memory=1024 --sector-size=512"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device luks.img.
# Trying to open and read device luks.img with direct-io.
# Initialising device-mapper backend library.

WARNING!
========
This will overwrite data on luks.img irrevocably.

Are you sure? (Type uppercase yes): YES
# Interactive passphrase entry requested.
Enter passphrase for luks.img: 
Verify passphrase: 
# Crypto backend (OpenSSL 1.1.1b  26 Feb 2019) initialized in cryptsetup library version 2.1.0.
# Detected kernel Linux 4.19.0-4-amd64 x86_64.
# Only 1 active CPUs detected, PBKDF threads decreased from 4 to 1.
# PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 1024, parallel_threads 1.
# Formatting device luks.img as type LUKS2.
# Topology info for luks.img not supported, using default offset 1048576 bytes.
# Checking if cipher aes-xts-plain64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Formatting LUKS2 with JSON metadata area 12288 bytes and keyslots area 16744448 bytes.
# Creating new digest 0 (pbkdf2).
# Setting PBKDF2 type key digest 0.
# Running pbkdf2(sha256) benchmark.
# PBKDF benchmark: memory cost = 0, iterations = 655360, threads = 0 (took 50 ms)
# PBKDF benchmark: memory cost = 0, iterations = 618994, threads = 0 (took 847 ms)
# Benchmark returns pbkdf2(sha256) 618994 iterations, 0 memory, 0 threads (for 512-bits key).
# Segment 0 assigned to digest 0.
# Wiping LUKS areas (0x000000 - 0x1000000) with zeroes.
# Wiping keyslots area (0x008000 - 0x1000000) with random data.
# Device size 52428800, offset 16777216.
# Acquiring write lock for device luks.img.
# Verifying write lock handle for device luks.img.
# Device luks.img WRITE lock taken.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Checksum:9e753f16b6af6c70e40739d13c89fe647ccff9bc5b3ddf4c7991dbcfdea2fd81 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Checksum:3dba43069c1db2238e1b24ffc966634d0c550c2056de0f7a577ddadd6e98eab0 (in-memory)
# Device luks.img WRITE lock released.
# Adding new keyslot -1 using volume key.
# Adding new keyslot -1 with volume key assigned to a crypt segment.
# Selected keyslot 0.
# Verifying key digest 0.
# Keyslot 0 assigned to digest 0.
# Trying to allocate LUKS2 keyslot 0.
# Found area 32768 -> 290816
# Running argon2i() benchmark.
# PBKDF benchmark: memory cost = 32, iterations = 4, threads = 1 (took 0 ms)
# PBKDF benchmark: memory cost = 512, iterations = 4, threads = 1 (took 2 ms)
# PBKDF benchmark: memory cost = 1024, iterations = 4, threads = 1 (took 5 ms)
# PBKDF benchmark: memory cost = 1024, iterations = 64, threads = 1 (took 80 ms)
# PBKDF benchmark: memory cost = 1024, iterations = 200, threads = 1 (took 255 ms)
# PBKDF benchmark: memory cost = 1024, iterations = 1568, threads = 1 (took 2016 ms)
# Benchmark returns argon2i() 1568 iterations, 1024 memory, 1 threads (for 512-bits key).
# Calculating attributes for LUKS2 keyslot 0.
# Updating keyslot area [0x8000].
# Acquiring write lock for device luks.img.
# Verifying write lock handle for device luks.img.
# Device luks.img WRITE lock taken.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Device luks.img WRITE lock released.
# Device size 52428800, offset 16777216.
# Acquiring write lock for device luks.img.
# Verifying write lock handle for device luks.img.
# Device luks.img WRITE lock taken.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Checksum:23c9d0ead8986b9292593f0632d6d37cb28a3d295296abd628dcd5cb03d5d0c3 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Checksum:e64295f75ebf8fae0aaa58278c6fff26ca80a2d64d95d98b48473d52225d14df (in-memory)
# Device luks.img WRITE lock released.
Key slot 0 created.
# Releasing crypt device luks.img context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
root@host:/home/user# rm -rf luks.img
root@host:/home/user# 

mhogomchungu commented 5 years ago

I don't see anything wrong with your output and I don't see why zuluCrypt is failing.

Will install Debian Buster Monday to see for myself why it's failing.

mhogomchungu commented 5 years ago

Where are you trying to create your volume?

In a container file or hard drive? If it's in a hard drive, can you create a LUKS1/TrueCrypt/VeraCrypt volume?

If it's in a hard drive, can you create a LUKS2 volume with the test command I gave above but with "luks.img" path substituted with your hard drive?

HulaHoopWhonix commented 5 years ago

> In a container file or hard drive?

Just a container file. Haven't tried anything else for now.

> If it's in a hard drive, can you create a LUKS2 volume with the test command I gave above but with "luks.img" path substituted with your hard drive?

I'm a bit of a noob with HDD volume encryption. I focus on just container files.

HulaHoopWhonix commented 5 years ago

> Will install Debian Buster Monday to see for myself why it's failing.

Thanks for spending time to install Buster.

Please use the opportunity to test deniable plain dm-crypt containers too, which I ran into problems with. It is a very interesting feature to have and I'm happy to see it exists on Linux.

https://github.com/mhogomchungu/zuluCrypt/issues/115

mhogomchungu commented 5 years ago

I can not reproduce your issue in debian Buster.

What is the size of the container file you are creating?

mhogomchungu commented 5 years ago

Found the problem. The volume creation process took more than 30 seconds in your system and this[1] method was timing out after 30 seconds.

This[2] commit solved the problem.

Thanks for the report.

[1] https://doc.qt.io/qt-5/qlocalsocket.html#waitForReadyRead

[2] https://github.com/mhogomchungu/zuluCrypt/commit/a6417eb1fdbfdf4bb1fbdfc73cd7ba198d6e4cb0
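
The failure mode identified in the last comment, as an added example that is not part of the thread and is not zuluCrypt's code: a front end waits on a local socket for a helper's reply with a fixed limit, so a helper that simply needs longer is reported as a failure. It uses plain POSIX `poll()` instead of Qt; the `request` function, the `created` reply and the millisecond values are assumptions made for the illustration, and the content of the fix commit is not shown on this page.

```cpp
// Added illustration, not zuluCrypt code: a front end waiting on a local
// socket for a helper that creates a volume (names and timings constructed).
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <string>

// timeout_ms < 0 waits without a limit, as poll() defines it.
// reply=false models a helper that dies before answering.
std::string request(int work_ms, int timeout_ms, bool reply = true) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return "socket error";
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return "fork error"; }
    if (pid == 0) {                  // helper process
        close(sv[0]);
        usleep(work_ms * 1000);      // stands in for slow volume creation
        if (reply) send(sv[1], "created", 7, 0);
        _exit(0);                    // exiting closes the helper's end
    }
    close(sv[1]);                    // only the helper holds that end now

    std::string result;
    pollfd p{sv[0], POLLIN, 0};
    int rc = poll(&p, 1, timeout_ms);
    if (rc == 0) {
        result = "timeout";          // helper is still working, not failed
    } else if (rc < 0) {
        result = "poll error";
    } else {
        char buf[16];
        ssize_t n = read(sv[0], buf, sizeof buf);
        result = n > 0 ? std::string(buf, n) : std::string("helper exited");
    }
    waitpid(pid, nullptr, 0);        // reap the helper before closing our end
    close(sv[0]);
    return result;
}

int main() {
    // The helper needs 300 ms: a 100 ms limit misreports it as a failure,
    // no limit succeeds, and a helper that dies still wakes the waiter.
    bool ok = request(300, 100) == "timeout" &&
              request(300, -1) == "created" &&
              request(50, -1, false) == "helper exited";
    return ok ? 0 : 1;
}
```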