Hi Anno, On Sat, May 21, 2005 at 12:08:42AM +0200, Anno wrote: > Package: loop-aes-utils > Version: 2.12a-3 > Severity: important > > short version: > > Problem: Unable to losetup an encrypted filesystem. > Error: "ioctl: LOOP_MULTI_KEY_SETUP_V3: invalid argument" > TEMPORARY FIX: downgrade from 2.12p-4 to 2.12a-3
The likely reason is: You have a keyfile in v3 format, but were using it with v2 tools and loop-AES previously. This combination detected and used the v3 keyfile in v2 multi-key mode. When you upgraded to 2.12p-4, losetup started to (correctly) identify your keyfile as v3 and tried to use it with v3 multi-key setup. The v3 setup is not supported by 2.x versions of the loop-AES module, hence the "invalid argument" error from losetup. > long story: > > My setup had been in a working state. > On May 18th I did an upgrade of loop-aes-utils 2.12a-3 -> 2.12p-4 > (together with upgrade of mount 2.12-10 -> 2.12p-4.) > Since then I didn't use the computer. Today, it refused to mount my > encrypted filesystem that is stored in a file, giving the above error > message. I use twofish192 encryption on it, the keys are gpg-encrypted > stored in some part of the file (created like > <[EMAIL PROTECTED]>). Right, the commands Jari showed there indeed create a v3 keyfile. > Purging and reinstalling loop-aes-utils (2.12p-4) didn't help. > So, finally I came to downgrading and luckily found a mirror with > 2.12a-3 still available. After the downgrade mounting the fs worked > right away. The problem with your current setup (v3 keyfile used in v2 mode) is that once you upgrade to loop-AES 3.x, this combination will likely result in an incorrect decryption. To avoid that problem, I would recommend to put loop-aes-utils 2.12a-3 on hold for the moment, and re-encrypt the device when you have time / space / ... for this. You have two options for re-encryption: Using a v2 keyfile (works with your current loop-AES module and -utils 2.12a or 2.12p, but needs a new v2 keyfile), or using a v3 keyfile (requires loop-aes-source 3.x from experimental and -utils 2.12p, but you can keep your current v3 keyfile) (It MAY be possible to avoid re-encryption by editing your keyfile and "converting" it to v2 mode. I haven't tried this, but if you feel like having an adventure ;-) you could try # dd if=/dev/device of=keyfile-v3 bs=8192 count=1 conv=notrunc (try losetup with 2.12a and this keyfile-v3 to verify it's correct) # gpg --decrypt keyfile-v3 | head -n 64 | gpg --symmetric -a > keyfile-v2 (try losetup again with this keyfile-v2; It should work with 2.12a and 2.12p; losetup -a from 2.12p should show "multi-key-v2") # dd if=keyfile-v2 of=/dev/device bs=8192 count=1 conv=notrunc Please be careful though and make backups in case you want to try this. All but the last step should be safe to try without touching your data. Again, not tested, NO WARRANTY, etc.) Hope this helps. cheers, Max -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
