[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: root-crypto with loop-aes on debian-testing, 2.6.15-1-686--continued........

> To decrypt a partition using aespipe, you need to use exact same command
> pipe you used to encrypt it, except that a '-d' decrypt option must be added
> to aespipe parameters.

I encrypted the 55GB-hda3 wird the command from your README.txt, exact
means, that I remembered, after the first try, weeks ago, that the "\" is not to be
typed when written in one long, single row.
I mean the loop-AES-README.txt not the aespipe-Readme.txt.

I hoped that it was/it should have been:

dd if=/dev/hda3 bs=64k | /mnt/aespipe -e AES256 -K /mnt/rootkey -gpg -G / | dd of=/dev/hda3 bs=64k conv=notrunc

> > testsystem edited build-initrd.sh, edited, but wrong loop for /, as I see now:

> Looks ok to me. (root loop index == 5)

Yes, it's than O.K. if the editor forgot to type in menu.lst what he forgot to
edit into build-initrd.sh and that was the case with me.....
 
> > testsystem-/etc/fstab, residing on crypted hda3:
> > 
> > # <file system> <mount point>   <type>  <options>                  <dump>  <pass>
> > 
> > proc            /proc           proc    defaults                   0       0
> > /dev/hda3       /               ext2    defaults,errors=remount-ro 0       1
>   ^^^^^^^^^
>   /dev/loop5
> 
> > /dev/hda1       /boot           ext2    defaults                   0       2
> > /dev/hda2       none            swap    sw                         0       0
> > /dev/hdc        /media/cdrom0   udf,iso9660 user,noauto            0       0
> > usbdevfs        /proc/bus/usb   usbdevfs devmode=0666              0       0
> > /dev/sda        /usbdev         ext2    user,noauto                0       0

Yes, I understand.

> > testsystem-/boot/grub/menu.lst, residing in unencrypted hda1:
> [snip]
> > titel           Debian, USEPIVOT=1, 2.6.15

> > root            (hd0,0)
> > kernel        /vmlinuz root=100 init=/linuxrc rootfstype=minix
> > initrd          /initrd.gz

> Try fixing that menu.lst typo.

Where + what, I dont' see the mistake now + yet, but mave have learned and used
it before you can mail.

> using encryption=AES128. If AES128 mount works, then you existing initrd.gz
> won't work because in build-initrd.sh config key length is specified as
> AES256.

Before I shredder it all, I try 128.......

> What was the exact sequence of commands that you used to encrypt your
> partition. If you can remember it correctly, every character, even typos,
> then I may be able to help you to undo the damage. But if you can't remember
> it exactly, then your file system may be lost.

See above (dd if.......................notrunc).

FAZIT:
Even me, the perfectionist, made massive mistakes due to unpredictable things
happening in everyday life.....me trying to concentrate while old dog barks
for help.
I allways had good impressions from loop-AES and so I give it another try.
Maybe I am stripping down the test-hd from 55 to 5 GB and 256 to 128 for
speeds-sake but I will give feedback.
And if I really make it, this should be frozen for other debian-users.

                  Regards,         Reverend

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/