LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   issues with cryptsetup on CentOS 5.3 (kernel 2.6.18-128) (https://www.linuxquestions.org/questions/linux-newbie-8/issues-with-cryptsetup-on-centos-5-3-kernel-2-6-18-128-a-4175502456/)

Madhusudan801 04-21-2014 08:33 AM
issues with cryptsetup on CentOS 5.3 (kernel 2.6.18-128)
 
Hi,
Let me at the outset apologise for posting about cryptsetup about which i found some threads existing but the workarounds suggested in those dint quite help me...so here goes:

The following are the details of my set up
Linux flavour - Cent OS version 5.3
Kernel Version - 2.6.18-128.el5

Issue -
I am trying to encrypt a partition (i created a partition at the time of installation itself) on my hardisk using LUKS. I use the following command to achieve the same:
Code:
cryptsetup –c aes-cbc-essiv:sha256 –y –s 256 luksFormat /dev/sda3
initially i kept getting the following error message:
Code:
      Failed to set up dm-crypt key mapping
      Check kernel support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sda3 contains at least 258 sectors.
      Failed to write key storage
(i tried the cryptsetup with the other ciphers as well like aes-xts-plain64 but that dint work as well)

but then that changed today..the error message i get today is
Code:
Command failed
I have no idea what made this change happen...

The cryptsetup version is 1.0.3

Some of the diagnostics i performed
i did the following before using the cryptsetup
Code:
modprobe dm_crypt
modprobe dm_mod
modprobe aes
modprobe cbc
modprobe sha256
I did the last three steps because i cudnt find the aes-cbc-essiv:sha256 cipher in my /proc/crypto file

The following changes have also been made on /etc/lvm/lvm.conf
Code:
types = [ "device-mapper", 16 ]
filter = [ "a|^/dev/mapper/[A-Z].*|", "r|^/dev/mapper/.*|", "a/.*/" ]
The dmsetup targets command gives the following output:
crypt v1.3.0
multipath v1.0.5
raid45 v1.0.0
snapshot-origin v1.6.0
zero v1.0.0
mirror v1.2.0
striped v1.1.0
linear v1.0.2
error v1.0.1

Please let me know where i am going wrong....

Thanks in Advance...
Madhusudan

John VV 04-21-2014 12:23 PM
I take it you are not aware that CentOS 5.3 is 7 minor versions OUT of Date
and has been UNSUPPORTED since it went End of Life in October of 2009

5.3 is 4.5 YEARS OUT OF DATE
DO NOT USE IT !!!!!

upgrade to the current 5,10 in the older legacy 5 series ( if you MUST use 5 for old legacy hardware )
or
install the Current CentOS 6.5

Madhusudan801 04-22-2014 07:02 AM
Thanks for the suggestion John VV. I would not be able to upgrade the OS easily....thats another story for another day.....

Anyways....i managed to complete the encrytption successfully. I had not unmounted the partition before trying to encrypt it..so before we
Code:
cryptsetup luksFormat /dev/sda3
we need to
Code:
umount /dev/sda3
Thanks!!

John VV 04-22-2014 12:19 PM
mind you if you are using that encrypted partition for SECURITY reasons
a lot of bug and random number bugs have been fixed in the last 4.5 YEARS

this might leave that encryption almost USELESS
extreme caution should be used until you can use up to date software


All times are GMT -5. The time now is 06:32 AM.