Unable to open LUKS2 container + external header

[git70]

When I try to open using luks plugin, I get the message: "Volume could not be opened with the presented key" Current version: 5.6.0.1569071478.a365c2ad-0 Linux Mint 19.2

BTW: What is the Generic_header plugin for?

[mhogomchungu]

Git version solved this problem.

Source of the problem was caused by LUKS2 volume header being larger than expected.

Thanks for the report.

[mhogomchungu]

Generic_header plugin unlocks a VeraCrypt volume using a key that is stored in a LUKS container. A long time ago, somebody asked for it because they had to use a VeraCrypt volume for some reason but the long delay when unlocking a volume was annoying and they asked if i could do something about it and this plugin was my solution.

[git70]

Git version solved this problem.

Do the current versions here contain all patches from recent days? https://download.opensuse.org/repositories/home:/mhogomchungu/xUbuntu_18.04/amd64/ Do you build binaries on a regular basis after commits? I don't like building with git ;)

[mhogomchungu]

Yes, the current binaries have the latest changes.

[git70]

Thank you Francis for your great work! Your problem solving speed is fantastic :) Give me the BTC address, I would like to put a beer for you ;)

[mhogomchungu]

Thanks in advance, the BTC address you can use is: 3HztKys4zoxGQTiw2oTRUqEBhdUTgwC59f

[mhogomchungu]

Thanks for the coins.

:+1:

[git70]

I am adding to this thread because the problem seems to be a continuation. I didn't notice before because I only worked on a USB stick.

Scenario 1: Hard disk connected via SATA on the motherboard LUKS2 + external header Creating In A Hard Drive container (not in file) - success Opening - "Volume could not be opened with the presented key"

Scenario 2: Hard disk connected via USB adapter LUKS2 + external header Creating In A Hard Drive container (not in file) - success Opening - "Volume could not be opened with the presented key"

Scenario 3: Hard disk connected via SATA on the motherboard Plain DM-CRYPT Creating In A Hard Drive container (not in file) - success Opening - success

Scenario 4: Hard disk connected via USB adapter Plain DM-CRYPT Creating In A Hard Drive container (not in file) - success Opening - success

Scenario 5: USB stick Plain DM-CRYPT and LUKS2 + external header work properly

Scenario 6: All LUKS modes with built-in header work fine.

[mhogomchungu]

Works fine here, did you open the volumes that were created with an external header using "luks" plugin?

[git70]

Yes - luks plugin.

[git70]

Have you noticed an interesting phenomenon? (scenario 5) The pendrive works ok, but a regular hard disk has a problem ...

[mhogomchungu]

Yes, i noticed that.

I only have a pendrive and it works here and it works there too.

I am trying to get an external hardrive that is connected to the computer through a usb port to test the scenario where it failing on your end hoping to reproduce the problem.

[git70]

Remember scenario 1 - connection via regular SATA also does not work with an external header. But the built-in LUKS header and dm-crypt are now working properly.

[mhogomchungu]

install updated binary packages and try again with scenario 1 or 2.

[git70]

Unfortunately, it's still the same. In addition, I checked on another computer and behaves the same.

[mhogomchungu]

The problem could be with cryptsetup tool.

1. Open the terminal and log in to root's account.
2. Unlock the volume using cryptsetup directly, the command to run is something like cryptsetup open /dev/ABC --header /path/to/header abc
3. Observe if you will get a wrong password error or not and report your result.
4. If it succeeds, run the following command to remove the encryption mapper cryptsetup remove abc

[git70]

Password correct - I opened and closed correctly.

What exactly is the ZuluCrypt command for cryptsetup when creating such a container? I will do a manual test.

[git70]

The problem was solved by the problem https://github.com/mhogomchungu/zuluCrypt/issues/136#issuecomment-537222321

[mhogomchungu]

Unlocking of LUKS volumes with an external header is now independent of the plugin system and hence works while zuluCrypt-gui is working with polkit support.

The "LUKS external header path" as seen in the image below now holds the path to the header when unlocking a LUKS volume.