Find the answer to your Linux question:
Results 1 to 3 of 3
Hello, A couple of days ago, I startet a process to create a new encrypted LVM-partition, and move everything I got from the regular LVM to the encrypted one. Btw, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2007
    Posts
    2

    GPG: Suddenly lost access to encryptet file


    Hello,

    A couple of days ago, I startet a process to create a new encrypted LVM-partition, and move everything I got from the regular LVM to the encrypted one. Btw, I use loop-aes to encrypt my partition.

    Now, after some days, some unmounts/mounts, I suddenly gets "Error: gpg key file decryption failed" every time I try to mount.
    If I try to decrypt manually with "gpg -vvv -d ./keyfile.gpg" all I get is:

    -----------------------------------------------
    gpg: using character set `iso-8859-1'
    gpg: armor: BEGIN PGP MESSAGE
    gpg: armor header: Version: GnuPG v1.4.7 (GNU/Linux)
    :symkey enc packet: version 4, cipher 3, s2k 3, hash 2
    salt 625d5ec3f0310439, count 65536 (96)
    gpg: CAST5 encrypted data
    :encrypted data packet:
    length: unknown
    gpg: encrypted with 1 passphrase
    gpg: decryption failed: bad key

    -----------------------------------------------

    Now, some info about how I made this.
    -emerged gnupg (using gentoo)
    -maked a new random passphrase for myself with: "head -c 65 /dec/random | uuencode -m - > mypass"
    -maked a keyfile for my future disk encryption: "head -c 2880 /dev/random | uuencode -m - | head -n 65 | tail -n 64 | gpg --symmetric -a > keyfile.gpg"
    When asked for a password, I copy&pasted the whole text from "mypass".

    Now, after using losetup to set up the encryption, filled the disk with random data with dd and blah blah blah, I was ready for use. I mounted the disk successfully with "mount -o encryption=aes256,gpgkey=/root/keyfile,loop=/dev/loop0 /dev/ftpcrypt/ftpcrypt1 /home/ftp". Also here just copy&pasted the data from "mypass" when mount asked me for pass.
    Suddenly now, today, after unmounting, adding new disks to lvm, lvextended, resized with resize_reiserfs and "losetup -R", this happends. I don't think losetup/mount/lvm can have anything to do with this..

    So.. Any possible solutions? May it be because I did not create a private key to pgp before starting this? I have not use pgp before, so Im a newbie..
    I've tested to copy both mypass and keyfile.gpg over to other computers, no luck there either.
    Oh, and one more thing: I opened my keyfile.gpg in vim, don't remember if I used ": x" or ": q" to quit.. Could vim do something with the file if I used ": x"?

    And of course: I am the only one with access to this server, so my mypass file is untouched..

    Thanks in advance for any help!

  2. #2
    Just Joined!
    Join Date
    Oct 2007
    Posts
    2
    Seems like this is my fault.. Not that I didn't think that before, but... :P

    My keyfile.gpg is exactly 8 bytes larger than any other gpg-file created the same way, with "head -c 2880 /dev/random". Thought at first that vim had converted some newlines or something, but my comparisons in a hexeditor does not back up that solution.

    Theres one line, the third line from the bottom, "e0noB....". This one is 32 chars long, but in all the other gpg's I've made, its only 24. Could it possibly be this line destroying my file? If I try to alter it, I'm getting CRC error.. I've tried to remove 8bytes at the time (as one string) at all 25 combinations and decrypted it with --ingore-crc-error, but no luck. Don't understand how I could have entered chars at random places at the bottom line But then again, don't understand how I could be stupid enough to alter this file in the first place - even if it was an accident..

    How is it possible that I/vim has altered this file, and getting no CRC errors? Are there any magic tricks I can use in vim to convert it back or anything? Im willing to try alot of alternatives here.

    Btw, I've checked charset++, they're all iso-8859-1.

    Thanks again!

    iQFSctbfzLN3Ud6q6Wy6GvUBu1RvDUQ1QYSBB6xBrCulfA86kb jlu+NAcGSB+3MW
    HUivDXIVRSWnxVUp+u6i+V9tRCSVQ/W+yKeOxiPOGLBYYbDZRYTtqSY2SSMMhb3j
    e0NoBkWAwZFN1z6X2WAwrRTb+NkHV/4=
    =ZA6d
    -----END PGP MESSAGE-----

  3. #3
    Just Joined!
    Join Date
    Dec 2008
    Location
    Berlin Germany
    Posts
    4

    I think it's faulty comand line by Key creation ...

    look at this:

    Faulty: ->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    $: head -c 3705 /dev/random | uuencode -m - | head -n 66 | gpg --symmetric -a > ~/myKey.secret

    $: losetup -e AES128 -G / -K /mydir/myKey.secret /dev/loop0 /dev/mapper/osVg-lvRoot
    Password: ****** ****** ********* **
    Error:gpg key decryption failed

    or

    Error: Password must be at least 20 characters (Although it is more then that!)

    End Faulty: <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<-/

    Right one: ->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    $: head -c 3705 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a > ~/myKey.secret

    $: losetup -e AES128 -G / -K /mydir/myKey.secret /dev/loop0 /dev/mapper/osVg-lvRoot
    Password: ****** ****** ********* **
    $:

    End Right one: <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<-/

    Don't loos the tail cat!
    Some times it can be usefull!

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •