On Sat, May 21, 2005 at 11:30:40PM +0200, Anno wrote: > > # gpg --decrypt keyfile-v3 | head -n 64 | gpg --symmetric -a > keyfile-v2 > > (try losetup again with this keyfile-v2; It should work with 2.12a > > and 2.12p; losetup -a from 2.12p should show "multi-key-v2")
> With "loop-aes-utils -a" from 2.12p I get "multi-key-v3" !!! with > keyfile-v2 and the original error message with keyfile-v3. But with > keyfile-v2 (using loop-aes-utils 2.12p) it is set up correctly and I > can mount it! What is going on here? If you do "gpg --decrypt keyfile-v2 | wc -l", does it return 64 or something else? If it returns 64, things are alright. I just verified that losetup of a v2 keyfile using 2.12p shows as multi-key-v3, when you have a loop-AES version 2.x module loaded. With a version 3.x module, it correctly shows as multi-key-v2. The reason is that between loop-AES 2.x and 3.x, the meaning of bit 0x80000 in lo_flags changed from do_bmap to multi-key mode v3, which caused losetup to detect multi-key-v3 if do_bmap was set. This change affects only losetup -a display though, and the setup is correctly done in multi-key mode v2. > I noticed that keyfile-v3 has 3915 newlines at the end, is this to > worry me for the final step (which I did not yet take)?: I don't think it should be a problem (but note that I haven't used such a setup myself). The reason for the newlines is probably the first step Jari showed in his mail, 'yes ""', which filled the first block with newlines. Since the keyfile is likely shorter than 8192 bytes, the padding was extracted along with it when you did the dd. > > # dd if=keyfile-v2 of=/dev/device bs=8192 count=1 conv=notrunc > > I'm planning on trying this on a copy tomorrow. I want to give my > harddrive a little rest inbetween though.... it's rather large > quantities it has to shuffle around. And a comment from you if you > think it is safe any more would maybe spare it some heat, particularly > if you don't think I should try this... ;-) If it's on a copy, go ahead :-) The only problem I can think of is, if your converted keyfile is smaller than the old one, parts of the old keyfile maybe left in place where there should be newline padding. I don't know if gpg requires this padding, perhaps it is necessary to repeat the first step (yes "" | dd ...) before writing the new keyfile. cheers, Max -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
