Problems using encryption software

sonichedgehog · 03-31-2012, 01:53 PM

Hi
I have used truecrypt as portable backup between OS including w$

Ubuntu works well. however, Fedora16 mounts my vfat harddisk partition readwrite but my pendrive vfat partition readonly, evan as root. I have tried many mount options from posts, specifying the filesystem, uid's, gid's, shmee-id's, you name it, I've had a go.

So I moved to realcrypt. That always prompts for a root password, then the truecrypt partitions mount as root only, with no ability to change- but now (at last) with read-write access.

I have setup sudoers and can start anything as user with su privileges, and the files can then be viewed by user, but now mounted read only. However, I feel that a line to allow access to whatever command launches realcrypt might work.

What I would like to achieve is any form of container encryption that I can move between platforms. I use scripts to backup, and the present rootonly access will cause problems.

I feel I'm getting close to a solution.

Is there something I can do to modify the way realcrypt starts up? At present I can see that usr/bin/realcrypt is only a link to /usr/bin/consolehelper but changing my sudoers to allow user to run commands realcrypt and consolehelper as root, in the same way as /usr/bin/truecrypt (btw the latter is only a filename, not a command) has had no effect. So I haven't been able to achieve the startup as user, which might solve the problem.

I hope someone has seen the same problem- but if not please point me in a direction to solve it.

If not, then I'll go outside the box and use encrypted tarballs to achieve the same, but I fear it'll be messy.

unSpawn · 04-01-2012, 05:13 AM

Quote:

Originally Posted by sonichedgehog

Ubuntu works well. however, Fedora16 mounts my vfat harddisk partition readwrite but my pendrive vfat partition readonly, evan as root.

That's odd. If the pen drive is mounted ro at the HW level then no VFS option will turn ro into rw. Do you mount the pen drive at boot or do you insert it only when needed? Does it make a difference when you insert it? What's the pen drives layout? Do all partitions fsck OK? What's the subsystem that automounts devices? Is it the same in both distributions? And what's the /etc/fstab difference in both distributions? Any clues in 'dmesg'?

sonichedgehog · 04-01-2012, 12:17 PM

Thank you for the reply
Working through your queries:

I insert the pen drive when needed, but there is no difference if it is inserted when I boot up.

Layout:

Code:

Disk /dev/sdg: 8032 MB, 8032092160 bytes
248 heads, 62 sectors/track, 1020 cylinders, total 15687680 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xc296954c

   Device Boot      Start         End      Blocks   Id  System
/dev/sdg1            2048    10741759     5369856   83  Linux
/dev/sdg2        10743808    15687679     2471936   83  Linux

Disk /dev/mapper/truecrypt2: 5498 MB, 5498470400 bytes
255 heads, 63 sectors/track, 668 cylinders, total 10739200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Result of fsck- I have noted from other posts that this type of issue occurs with damaged filesystems and that fsck repairs have been effective, but firstly believe that this has been used only on partitions that mount directly- fsck should only be forced on a truecrypt partition in read only mode, also my truecrypt partition is working on another OS. Here is the result:

partition 1 (fat32)

Code:

fsck from util-linux 2.20.1
Unsupported: replay_log()
Unsupported: check_volume()
Checking 108864 MFT records.
Unsupported cases found.

partition 2 (truecrypt, unmounted)

Code:

fsck from util-linux 2.20.1
Unsupported: replay_log()
Unsupported: check_volume()
Checking 10304 MFT records.
Unsupported cases found

partition 2 (truecrypt mounted)

Code:

fsck /dev/mapper/truecrypt2
fsck from util-linux 2.20.1
dosfsck 3.0.11, 24 Dec 2010, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
  67:85/45, 68:21/79, 69:15/fe, 70:ca/b8
1) Copy original to backup
2) Copy backup to original
3) No action
? 3
etc, many queries relating to filenames

Subsystem that mounts devices:
I don't know how to access this info. I have seen references to "memstick" as the subsystem for ubuntu but have not found anything corresponding for fedora

You mention fstab, but I only mount using truecrypt favourites, therefore fstab has no entries relating to this issue- so I have shown the relevant part of mtab:

fedora, partition mounted with truecrypt:

Code:

truecrypt /tmp/.truecrypt_aux_mnt2 fuse.truecrypt rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
/dev/mapper/truecrypt1 /media/truecrypt1 vfat rw,relatime,uid=1000,gid=1000,fmask=0077,dmask=0077,codepage=cp437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 0
/dev/sdg2 /media/6CCD-5710 vfat rw,nosuid,nodev,relatime,uid=1000,gid=1000,fmask=0022,dmask=0077,codepage=cp437,iocharset=ascii,shortname=mixed,showexec,utf8,flush,errors=remount-ro 0 0
/dev/mapper/truecrypt2 /media/truecrypt2 vfat ro,relatime,uid=1000,gid=1000,fmask=0077,dmask=0077,codepage=cp437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 0

and the relevant entry when mounted with realcrypt:

Code:

/dev/mapper/realcrypt2 /media/realcrypt2 vfat rw,relatime,fmask=0077,dmask=0077,codepage=cp437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 0
0

mtab, ubuntu, mounted using truecrypt:

Code:

mtab:
/dev/sdb2 /media/6CCD-5710 vfat rw,nosuid,nodev,uhelper=udisks,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,flush 0 0
truecrypt /tmp/.truecrypt_aux_mnt1 fuse.truecrypt rw,nosuid,nodev,allow_other 0 0
/dev/mapper/truecrypt2 /media/truecrypt2 vfat rw,uid=1000,gid=1000,umask=077 0 0

I can see differences, but don't know how to intervene.

As you suspected, dmesg provided some clues, but I can't derive a solution from them:

fedora, device inserted:

Code:

[ 3400.019026] usb 1-6: new high-speed USB device number 4 using ehci_hcd
[ 3400.136052] usb 1-6: New USB device found, idVendor=0930, idProduct=6545
[ 3400.136059] usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3400.136064] usb 1-6: Product: USB Flash Memory
[ 3400.136068] usb 1-6: Manufacturer:         
[ 3400.136072] usb 1-6: SerialNumber: 001D92AD6BA9B911332B05B8
[ 3400.137245] scsi6 : usb-storage 1-6:1.0
[ 3401.177380] scsi 6:0:0:0: Direct-Access              USB Flash Memory PMAP PQ: 0 ANSI: 0 CCS
[ 3401.179544] sd 6:0:0:0: Attached scsi generic sg7 type 0
[ 3401.956631] sd 6:0:0:0: [sdg] 15687680 512-byte logical blocks: (8.03 GB/7.48 GiB)
[ 3401.957182] sd 6:0:0:0: [sdg] Write Protect is off
[ 3401.957189] sd 6:0:0:0: [sdg] Mode Sense: 23 00 00 00
[ 3401.957743] sd 6:0:0:0: [sdg] No Caching mode page present
[ 3401.957750] sd 6:0:0:0: [sdg] Assuming drive cache: write through
[ 3403.049159] sd 6:0:0:0: [sdg] No Caching mode page present
[ 3403.049167] sd 6:0:0:0: [sdg] Assuming drive cache: write through
[ 3403.079993]  sdg: sdg1 sdg2
[ 3403.083413] sd 6:0:0:0: [sdg] No Caching mode page present
[ 3403.083422] sd 6:0:0:0: [sdg] Assuming drive cache: write through
[ 3403.083427] sd 6:0:0:0: [sdg] Attached SCSI removable disk
[ 3404.990368] SELinux: initialized (dev sdg2, type vfat), uses genfs_contexts

fedora, truecrypt mount:

Code:

[ 5099.397396] FAT-fs (dm-0): error, invalid access to FAT (entry 0xf0854530)
[ 5099.397405] FAT-fs (dm-0): Filesystem has been set read-only
[ 5099.397826] FAT-fs (dm-0): error, invalid access to FAT (entry 0x78982c0a)

fedora, truecrypt dismount:

Code:

[ 5026.847844] losetup: sending ioctl 4c01 to a partition! (repeated)

fedora, realcrypt mount: (first line may be irrelevant)

Code:

[ 6116.136034] [drm:i915_hangcheck_ring_idle] *ERROR* Hangcheck timer elapsed... render ring idle [waiting on 227721, at 227721], missed IRQ?
[ 6122.397873] SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
[ 6122.819039] SELinux: initialized (dev dm-0, type vfat), uses genfs_contexts

ubuntu, device inserted:

Code:

[ **85.988130] usb 1-5: new high speed USB device using ehci_hcd and address 3
[ **86.123631] usb 1-5: configuration #1 chosen from 1 choice
[ **86.597993] Initializing USB Mass Storage driver...
[ **86.598554] scsi6 : SCSI emulation for USB Mass Storage devices
[ **86.599313] usbcore: registered new interface driver usb-storage
[ **86.599326] USB Mass Storage support registered.
[ **86.609350] usb-storage: device found at 3
[ **86.609359] usb-storage: waiting for device to settle before scanning
[ **91.608592] usb-storage: device scan complete
[ **91.645889] scsi 6:0:0:0: Direct-Access ************ USB Flash Memory PMAP PQ: 0 ANSI: 0 CCS
[ **91.648439] sd 6:0:0:0: Attached scsi generic sg1 type 0
[ **92.104337] sd 6:0:0:0: [sdb] 15687680 512-byte logical blocks: (8.03 GB/7.48 GiB)
[ **92.104935] sd 6:0:0:0: [sdb] Write Protect is off
[ **92.104951] sd 6:0:0:0: [sdb] Mode Sense: 23 00 00 00
[ **92.104962] sd 6:0:0:0: [sdb] Assuming drive cache: write through
[ **92.110995] sd 6:0:0:0: [sdb] Assuming drive cache: write through
[ **92.111029] *sdb: sdb1 sdb2
[ **92.146964] sd 6:0:0:0: [sdb] Assuming drive cache: write through
[ **92.146991] sd 6:0:0:0: [sdb] Attached SCSI removable disk

Ubuntu, nothing on dmesg when truecrypt mounted

unSpawn · 04-02-2012, 05:10 PM

Thanks for the output, much appreciated. So as it seems Ubuntu mounts Truecrypt volume 2 OK and Fedora mounts the Realcrypt volume OK but at a the device-mapper level Fedora detects Truecrypt volume 2 contains VFAT errors... Now as far as I've read Realcrypt is basically modified Truecrypt so if Realcrypt reads Truecrypt volume 2 OK then maybe go with that? I don't know where to start troubleshooting Fedora device-mapper problems the quick and easy way.

sonichedgehog · 04-06-2012, 08:17 AM

Agreed, I'm not going to try anything else. Something in /usr/sbin/realcrypt will not allow any user except root to run Realcrypt, even with an appropriate sudoers entry. It would be necessary to examine the code, and neither eclipse nor HT has been able to interpret the file.

sonichedgehog · 04-22-2012, 05:23 PM

Truecrypt now mounts read-write!

I have made significant changes since the above posts, by downloading kde. This requires the installation of a large number of applications, and I can only assume that one or more of these have changed the way Fedora handles removable media (recalling that there has never been a problem with mounting hd partitions, including encrypted ones). Perhaps something related to the trayicon for handling media?

I will not mark as solved as I don't know why the problem has gone away.

For now, I don't propose to do anything else, but if it will assist other users I will try to answer questions relating to this installation.