LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-29-2016, 08:36 AM   #1
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 44

Rep: Reputation: Disabled
Trying to use cryptsetup in terminal to create encrypted partitions. zulucrypt won't work


I can't use zulucrypt gui because it says i need root privileges to create. "even though i entered my password for zulucrypt to startup."

so now this is what i entered in terminal trying to use cryptsetup.

# sudo cryptsetup -c serpent-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom /dev/sdb2


this is my error??

cryptsetup: Unknown action


i feel using cryptsetup will be more secure that relying on zulucrypt gui because there might be weaknesses in zulucrypts implementation.




i am using unbuntu 16.04 lts 64bit using ZULUCRYPT version 4.7.7
 
Old 12-29-2016, 09:16 AM   #2
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,535

Rep: Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077
Quote:
Originally Posted by akiras rain View Post
# sudo cryptsetup -c serpent-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom /dev/sdb2


this is my error??

cryptsetup: Unknown action
You gave a lot of options, but never specified an action, and you said what device to use, but never what name to create. Since "--use-random" is specific to LUKS devices, I presume that is what you are trying to create.
Code:
sudo cryptsetup luksFormat -c serpent-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom some_name /dev/sdb2
The name you use in place of "some_name" is what will appear in /dev/mapper as the decrypted device.
 
Old 12-29-2016, 10:04 AM   #3
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 44

Original Poster
Rep: Reputation: Disabled
still need help. here is what i did....


four@System:~$ sudo cryptsetup luksFormat -c serpent-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom testdrive /dev/sdb2

WARNING!
========
This will overwrite data on testdrive irrevocably.

Are you sure? (Type uppercase yes): YES


Device testdrive doesn't exist or access denied.
 
Old 12-29-2016, 10:52 AM   #4
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,535

Rep: Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077
Sorry, I got a bit confused. "cryptsetup luksFormat" doesn't take a name for the device to create. That doesn't happen until later when you run "cryptsetup open ...". Try again without that argument:
Code:
sudo cryptsetup luksFormat -c serpent-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom /dev/sdb2
 
Old 12-29-2016, 01:21 PM   #5
mhogomchungu
LQ Newbie
 
Registered: Mar 2014
Posts: 20

Rep: Reputation: Disabled
Quote:
Originally Posted by akiras rain View Post
I can't use zulucrypt gui because it says i need root privileges to create. "even though i entered my password for zulucrypt to startup."

so now this is what i entered in terminal trying to use cryptsetup.

# sudo cryptsetup -c serpent-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom /dev/sdb2


this is my error??

cryptsetup: Unknown action


i feel using cryptsetup will be more secure that relying on zulucrypt gui because there might be weaknesses in zulucrypts implementation.




i am using unbuntu 16.04 lts 64bit using ZULUCRYPT version 4.7.7
Hi,founder and current maintainer of zuluCrypt here.
zuluCrypt is just a fancy GUI frontend to cryptsetup and it does not do anything by itself,it just takes your input and passes them to cryptsetup.

You can easily check if zuluCrypt screwed up anything by later on checking properties of the volume you have created with cryptsetup(using cryptsetup luksDump).

iteration count of 5000 is simply too small,the minimum recommended these days is 10,000 and cryptsetup will default to use a value that will take about a second to unlock a volume(my local test here says thats 21500 iterations and i double it will be less that 5000 on your computer).

It makes no sense to not use zuluCrypt because of concerns that it might create a less than secured volume and followed it up with manually creating a volume with such an insecure property.

Creating a volume manually is a 4 step process.
1. You create a volume using cryptsetup luksFormat
2. You unlock a volume using cryptsetup LuksOpen
3. You create a file system on the volume through the opened mapper
4. You close the volume with cryptsetup luksClose
 
Old 12-29-2016, 01:34 PM   #6
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 44

Original Poster
Rep: Reputation: Disabled
mhogomchungu don't send me a prewritten response I authenticate with sudo password when i open zulucrypt so why when i try to create a container does it say i am not root and permission denied???
 
Old 12-29-2016, 02:43 PM   #7
mhogomchungu
LQ Newbie
 
Registered: Mar 2014
Posts: 20

Rep: Reputation: Disabled
Quote:
Originally Posted by akiras rain View Post
mhogomchungu don't send me a prewritten response I authenticate with sudo password when i open zulucrypt so why when i try to create a container does it say i am not root and permission denied???
you are using version 4.7.7,the latest version is 5.0.2 with 5.1.0 to be released on the first of next month. The version you are using is 6 versions behind!!!

You are running zuluCrypt in what it calls "mixed mode",this is when GUI components runs privileged but they serve a normal user. You are getting rejected because as a normal user,you are not allowed to do what you want to do(You cant do destructive operations on what zuluCrypt calls "system device").

To truly run zuluCrypt-gui with root's privileges,open the terminal and run "sudo zuluCrypt-gui",what you were doing is running "sudo zuluCrypt-gui -K $UID",the -K $UID argument is what triggers the mode the option resolved to your normal user account user id.

The version of zuluCrypt you are using is too old,update to the latest version(the packages i provide on the project main page gives better experience).

My previous comment and this one are not pre written and they take considerable amount of time to type,in this comment for example,i had to download,build and test zuluCrypt 4.7.7 to see if i can reproduce the behavior you described and in my previous comment,i had to open the terminal,log in to root and run a bunch of cryptsetup commands to confirm those steps i mentioned.
 
Old 12-29-2016, 04:35 PM   #8
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 44

Original Poster
Rep: Reputation: Disabled
Mhogomchungu thanks for your prompt and lengthy response. I very much appreciate it��What I did was click on the icon for zulucrypt then the system, prompted me to put my password in.


I will upgrade to latest version then sudo zulucrypt-GUI and see if it works.

RK I will also try your fix for doing it in cryptsetup.


Thanks I will try these in the morning and post the results!
 
Old 12-30-2016, 09:52 AM   #9
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 44

Original Poster
Rep: Reputation: Disabled
ok using cryptsetup i get this

four@System:~$ sudo cryptsetup luksFormat -c serpent-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom /dev/sdb1

WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:

Cannot format device /dev/sdb1 which is still in use.

four@System:~$


I get STILL IN USE BUSY for every disk i try to do like 3 different ones.



---------------------------------------------

for zulucrypt there was a mapper problem. and it won't format.

also i downloaded the unbuntu 16.04 package and opened the gui window and clicked install and the won't install
 
Old 12-30-2016, 11:34 AM   #10
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,535

Rep: Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077Reputation: 2077
Let's see what is on there and then try to guess what might be using it.
Code:
sudo blkid /dev/sdb1
sudo file -s /dev/sdb1
sudo dmsetup deps | grep '(8,'
 
Old 12-30-2016, 11:47 AM   #11
mhogomchungu
LQ Newbie
 
Registered: Mar 2014
Posts: 20

Rep: Reputation: Disabled
Things will fail with zuluCrypt when they fail with cryptsetup.

Like what the error says,your device is still in use,stop using them and try again.

Two possible reasons of why they are in use.

1. They have a file system and the file system is mounted.
2. They are used by lvm or mdraid systems.
3. You already have an opened mapper.

If you are up to it,you can give me access to your computer through teamviewer and i will sort things out myself. You will see observing everything i do so there will be no surprises as far as your computer integrity is concerned.

I occasionally offer this support to those who have difficulties in installing/using zuluCrypt. If you are up to it,send me an email at mhogomchungu@gmail.com and we will discuss details.

Last edited by mhogomchungu; 12-30-2016 at 11:51 AM.
 
Old 01-08-2017, 11:13 AM   #12
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 44

Original Poster
Rep: Reputation: Disabled
Mhogomchungu that is very gracious of you to offer your personal assistance to me remotely through team viewer but I must decline. What I am going to do is a clean install of a Linux distribution and try sirikali on it! Maybe SUSE LEAP.

RK -- I will try your suggestions definitely want to learn how to do this from the command line. I am really trying
To lean towards the terminal to do things in Linux
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Identify an encrypted partition by UUID in order to unlock with cryptsetup taylorkh Linux - Security 1 08-24-2016 09:29 AM
How to determine if a cryptsetup-LUKS encrypted partition is working? fanoflq Linux - Newbie 21 04-20-2016 02:06 PM
Accessing encrypted cdrom using cryptsetup airkemp Linux - Security 3 03-18-2015 10:47 AM
[SOLVED] zuluCrypt,a TRUECRYPT and LUKS based encrypted volume manager mhogomchungu Linux - General 1 03-04-2014 02:18 PM
[Slackware 13.0]Cryptsetup problem with encrypted home partition dlinux Slackware 3 08-29-2009 12:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration