LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   problem with cryptsetup (http://www.linuxquestions.org/questions/linux-security-4/problem-with-cryptsetup-845615/)

skoinga 11-21-2010 07:35 AM

problem with cryptsetup
 
Hi all.

i've created an encrypted volume with the following commands:

Quote:

dd if=/dev/urandom of=./secret bs=1M count=10
sudo losetup /dev/loop0 /home/skoinga/secret
sudo cryptsetup -c aes -y create secret /dev/loop0
sudo mke2fs -j /dev/mapper/secret
I can successfully mount and write on that volume.
When I dismount this volume and try to remont, I got this error:

Quote:

mount: wrong fs type, bad option, bad superblock on /dev/mapper/secret,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

and in dmesg:
Quote:

[ 6372.799527] EXT3-fs error (device dm-0): ext3_check_descriptors: Block bitmap for group 0 not in group (block 1752694931)!
[ 6372.801126] EXT3-fs (dm-0): error: group descriptors corrupted
[ 9285.574341] EXT3-fs: barriers not enabled
[ 9285.574464] kjournald starting. Commit interval 5 seconds
[ 9285.574580] EXT3-fs (dm-0): using internal journal
[ 9285.574588] EXT3-fs (dm-0): mounted filesystem with ordered data mode
[ 9408.511844] EXT3-fs error (device dm-0): ext3_check_descriptors: Block bitmap for group 0 not in group (block 1752694931)!
[ 9408.513412] EXT3-fs (dm-0): error: group descriptors corrupted
I've already used the same commands on my older OS (Linux Mint 9).
Now I'm on Linux Mint 10.
The only difference is that now I've an ext4 root partition (/).
This can be a problem?

Thankyou.

Noway2 11-22-2010 05:48 AM

2 Attachment(s)
What commands are you using to remount after the initial file creation? It has been a while since I have done this, but I recall the commands are slightly different.

I have attached a couple of script files to this post, one for mount and unmount that work with ext4. You will at least need to change the name of the volume, which in my case is disk.img and double check the name of the names of the underlying files. In the script, it creates a /dev/usbkey and mounts the file system to /media/encrypted.

Note, these scripts are modified versions of one originally found on an Ubuntu wiki for creating encrypted volumes. The wiki page might have some helpful information.

skoinga 11-22-2010 12:02 PM

Quote:

Originally Posted by Noway2 (Post 4166933)
What commands are you using to remount after the initial file creation? It has been a while since I have done this, but I recall the commands are slightly different.

Maybe you forgot the command to create the filesystem?

Anyway, I've followed your commands:

Quote:

#modprobe aes_generic
#mkdir -p /media/encrypted
#dd if=/dev/urandom of=/root/test bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB) copied, 33.0241 s, 3.2 MB/s
#losetup /dev/loop0 /root/test
#cryptsetup -c aes -s 256 -h sha256 create test /dev/loop0
Enter passphrase:
#mount -t ext4 /dev/mapper/test /media/encrypted/
mount: wrong fs type, bad option, bad superblock on /dev/mapper/test,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

Noway2 11-23-2010 04:46 AM

I am not sure I fully understand your reply. The scripts that I attached were just to mount and unmount an existing ecryptfs volume, not to create one. Here is the link that I followed initially. It is based upon the idea that you want to store GPG keys in an encrypted volume on a USB stick, but the technique followed should be the same.

skoinga 11-30-2010 06:52 AM

Quote:

Originally Posted by Noway2 (Post 4167923)
I am not sure I fully understand your reply. The scripts that I attached were just to mount and unmount an existing ecryptfs volume, not to create one. Here is the link that I followed initially. It is based upon the idea that you want to store GPG keys in an encrypted volume on a USB stick, but the technique followed should be the same.

My fault. I was omitting the "-c aes" cryptsetup parameter when mounting the loop device.
Thankyou


All times are GMT -5. The time now is 10:32 PM.