what is the command to open/mount a LUKS with password + keyfile ?

[JackDinn]

I have a problem with mounting my LUKS volume with the GUI, it's only sometimes mounting, about 50% of the time. The rest it errors with https://i.imgur.com/2n9ndoT.png So i wanted to take a look via the terminal.

However I just cant figure the command to open or mount my LUKS volume which has both a password and a keyfile?

first just -O -d, I paste in my password when it asks and it fails

[greg-pc greg]# zuluCrypt-cli -O -d /home/greg//testdir/zulu/zulu-main
Enter passphrase: realloc(): invalid next size
Aborted (core dumped)`

Next with -f

[greg-pc greg]# zuluCrypt-cli -O -d /home/greg//testdir/zulu/zulu-main -f /home/greg/Documents/keyfile 
ERROR: Volume could not be opened with the presented key

Next i try with -p

[greg-pc greg]# zuluCrypt-cli -O -d /home/greg//testdir/zulu/zulu-main -p mypassword
ERROR: Volume could not be opened with the presented key

Finally with both -f and -p

[greg-pc greg]# zuluCrypt-cli -O -d /home/greg//testdir/zulu/zulu-main -f '/home/greg/Documents/keyfile' -p mypassword
ERROR: Volume could not be opened with the presented key

So im stumped.

[mhogomchungu]

1. Only root user should be allowed to run zuluCrypt-cli with -O option. You are supposed to be using -o option. The first options unlocks a volume without mounting it and the second option unlocks the volume and mounts it.
2. What distribution are you running and in what architecture?
3. What version of zuluCrypt are you using?
4. With key+keyfile key combo, the effective key is calculated using hmac_sha256(key,keyfile). This means the effective key to pass to zuluCrypt-gui can be calculated using a tool called hmac256 and you generate the effective key using hmac256 <password> <path to keyfile>. Pass the result to zuluCrypt using -p option.
5. zuluCrypt-cli should be called with a command like zuluCrypt-cli -o -d /home/greg//testdir/zulu/zulu-main -p <password generated in step 4 above>

Remember to later on open .bash_history file located in your home directory and remove all command entries with your passwords.

[JackDinn]

thx for the response, Bit odd that zulu does not contain a method of doing that its self (just a noobs opinion) However I can now see if i can find any more info as to why my volume is failing to open 50% of the time, although i doubt it will do much more than just throw a similar if not the same error but for now I shall just leave my specs while i do some more testing today.

Only root user should be allowed to run zuluCrypt-cli with -O option. You are supposed to be using -o option. The first options unlocks a volume without mounting it and the second option unlocks the volume and mounts it.

I was only looking for any opening errors first so i started without trying to mount. (i was in root).

System: Host: greg-pc Kernel: 5.0.18-1-MANJARO x86_64 bits: 64 compiler: gcc v: 8.3.0 Desktop: KDE Plasma 5.15.5 Distro: Manjaro Linux zulucyrpt 5.5.0-2

[JackDinn]

well i really dont know. I can mount/dismount it via CLI as much as i want without any errors but it seems that when i try a couple of times with GUI's, zulumount and/or zulucrypt, it will fail. Directly after it failed via the GUI i tried with the CLI and i then get the error.

❰greg❙~❱✔≻ zuluCrypt-cli -o -d zulu/zulu-main -p 2df35cxxxxxx...
SUCCESS: luks volume opened successfully
volume mounted at: /run/media/private/greg/zulu-main
❰greg❙~❱✔≻ zuluCrypt-cli -q -d zulu/zulu-main -p 2df35cxxxxxx...
SUCCESS: volume closed successfully 
❰greg❙~❱✔≻ zuluCrypt-cli -o -d zulu/zulu-main -p 2df35cxxxxxx...
ERROR: Failed to mount a filesystem:invalid/unsupported mount option or unsupported file system encountered
❰greg❙~❱✘≻

I close the GUI and its working every time again via CLI. I shall use the CLI from now on i think.

[mhogomchungu]

thx for the response, Bit odd that zulu does not contain a method of doing that its self (just a noobs opinion)

GUI components do it themselves and pass the result to CLI components. I guess laziness was what prevented me from adding the functionality to CLI components after i was done adding it to the GUI components.

It will be hard to solve this issue because i have never experienced it and all my attempts to try to reproduce it have so far failed.

[JackDinn]

ok, well thx for taking a look. I don't need to open my encrypted data very often but when i do i shall keep trying the GUI and keep an eye on it. At least i know how to open it via cli if needed.