# Encrypted device no longer mountable

## nyk

I use the command "/usr/bin/cryptsetup create secret /dev/loop0" to activate my passphrase protected, encrypted storage device stored in a file.

I've got the command from this howto (https://forums.gentoo.org/viewtopic.php?t=163762).

It worked for a year, but now I get: "Command failed: Invalid argument". 

What do I have to change? 

Something with cryptsetup seems to have changed, but I don't even find a manpage...

This is the whole script for mounting:

```

# !/bin/bash

/sbin/modprobe loop

/sbin/losetup /dev/loop0 /home/vault

/sbin/modprobe dm_crypt

/usr/bin/cryptsetup create secret /dev/loop0

/bin/mount /mnt/vault

```

----------

## crubb

At the moment, cryptsetup needs to be linked against libdevmapper.so.1.01, therefore you need to:

```
# echo '>=sys-fs/device-mapper-1.02.02' >> /etc/portage/package.mask && emerge device-mapper cryptsetup
```

Or install the latest cryptsetup snapshot, see: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344313

I filed a bug on bugzilla as well: https://bugs.gentoo.org/show_bug.cgi?id=120802

mfg,

crubb

----------

## Napalm Llama

I've just encountered the exact same problem:

```
splig ~ # cryptsetup -c "aes" -h "ripemd160" -b `blockdev --getsize /dev/sdb6` create bak-sys2 /dev/sdb6

Command failed: Invalid argument
```

The same thing happens with my other two encrypted partitions.

I tried unmasking and remerging latest device-mapper and cryptsetup-luks but it didn't made any difference.

I also tried replacing `blockdev --getsize /dev/sdb6` with its output if run separately - and I'm sure that it really is /dev/sdb6 I'm looking at (the unencrypted /dev/sdb2 on the same disk is mounted quite happily).

The one thing that might have triggered it is the emerge -e world I performed yesterday, but I don't know why unless the package dependancies are somehow broken.

Does anyone know what's going on?

Cheers  :Confused: 

----------

## Napalm Llama

Ah, the problem seems to be with cryptsetup-luks.  I unmerged that and remerged plain ol' cryptsetup and everything seems to work fine.

In my Googling I found that Debian has a similar issue, so maybe it's upstream?  I'm thinking that perhaps cryptsetup-luks should be masked until it's definately been fixed...

----------

## bartek

I have encrypted my home partition with cryptsetup too. Now when kde-3.5 needs cryptsetup-luks I have to unmerge cryptsetup-luks and emerge cryptsetup every time I have to mount my home partition because when I emerge -u world cryptsetup-luks is blocked by cryptsetup so I have to unmerge cryptsetup. Is there any option to make cryptsetup-luks working with my encrypted partition or do I have to emerge and unmerge cryptsetup/cryptsetup-luks till the end of my life?

----------

## Napalm Llama

The latest ~arch cryptsetup-luks now works.

Do this (as root):

```
echo "=sys-fs/cryptsetup-luks-1.0* ~x86" >> /etc/portage/package.keywords

emerge -C cryptsetup

emerge cryptsetup-luks
```

...modifying the "~x86" on the first line to fit your arch.

----------

## yem

-luks has broken my dm-crypt setup too:

```
duck ~ # losetup /dev/loop0 /home/zach.encrypted           

duck ~ # losetup /dev/loop0

/dev/loop0: [0304]:1354592 (/home/zach.encrypted)

duck ~ # /bin/cryptsetup isLuks /dev/loop0

/dev/loop0 is not a LUKS partition

duck ~ # KEY=`openssl aes-256-ecb -d -in /home/zach.key.encrypted`       

enter aes-256-ecb decryption password:

duck ~ # echo "$KEY" | /bin/cryptsetup -c aes -h ripemd160 -s 256 create _home_zach.encrypted /dev/loop0

duck ~ # mount -o ro -t ext3 /dev/mapper/_home_zach.encrypted /home/zach

mount: wrong fs type, bad option, bad superblock on /dev/mapper/_home_zach.encrypted,

       missing codepage or other error 

..

duck linux # dd if=/dev/mapper/_home_zach.encrypted bs=1M count=1 | file -

1+0 records in

1+0 records out

1048576 bytes (1.0 MB) copied, 0.050551 seconds, 20.7 MB/s

/dev/stdin: data

vs 

duck linux # dd if=/dev/hda4 bs=1M count=1 | file -

1+0 records in

1+0 records out

1048576 bytes (1.0 MB) copied, 0.005728 seconds, 183 MB/s

/dev/stdin: Linux rev 1.0 ext3 filesystem data (needs journal recovery) (large files)
```

sys-fs/cryptsetup-luks-1.0.3-r2

switch back to sys-fs/cryptsetup-0.1-r3 and it decrypts perfectly.

The -luks encryption does not appear to be backward compatible with that created by the old cryptsetup.

----------

## Napalm Llama

Hmm, I don't recognise a lot of those commands.  Here's a (simplified) extract from my backup script (which is also the script that handles dm-crypt/cryptsetup[-luks]):

```
--- SNIP ---

# Is something already mounted at $MOUNTPOINT?

if grep -q $MOUNTPOINT /etc/mtab

then

        # Is the shell interactive?

        if [ -z "$PS1" ]; then

                echo

                echo "A filesystem is already mounted on $MOUNTPOINT,"

                echo "the mountpoint for the profile specified."

                echo

                echo "You must unmount it before dobackup can continue."

                exit 1

        else

                echo

                echo "A filesystem is already mounted on $MOUNTPOINT,"

                echo "the mountpoint for the profile specified."

                echo

                echo "Shall I attempt to unmount it? (y/n)"

                read USR_UMOUNT

                if [ $USR_UMOUNT = "y" ]

                then

                        if umount $MOUNTPOINT

                        then

                                echo "$MOUNTPOINT was succesfully unmounted."

                                echo "dobackup will now continue."

                        else

                                echo

                                echo "$MOUNTPOINT could not be unmounted."

                                echo "You must unmount it manually before dobackup can continue."

                                exit 1

                        fi

                else

                        echo

                        echo "dobackup needs a clear mountpoint on $MOUNTPOINT"

                        echo "to run the $CRYPTNAME profile."

                        echo

                        echo "dobackup will now exit."

                        exit 1

                fi

        fi

fi

# Remove any previous device

if [ -b /dev/mapper/$CRYPTNAME ]

then

        cryptsetup remove $CRYPTNAME

fi

# Create the new one

echo "Please enter the password for $CRYPTNAME."

cryptsetup -c "$CRYPT_CIPHER" -h "$CRYPT_HASH" -b `blockdev --getsize $BLOCKDEV` create $CRYPTNAME $BLOCKDEV

echo

# (Attempt to) mount it, and check the results

if mount /dev/mapper/$CRYPTNAME $MOUNTPOINT

then

        echo "Backup partition $CRYPTNAME ready!"

        echo

else

        echo

        echo "********************************************"

        echo " $CRYPTNAME - ERROR!                        "

        echo " The backup partition could not be mounted! "

        echo " Did you type the right password?           "

        echo "                                            "

        echo " dobackup will now exit.                    "

        echo "********************************************"

        exit 1

fi

--- SNIP ---
```

To unmount it, I just "umount $MOUNTPOINT" then "cryptsetup remove $CRYPTNAME"

Try the method I've been using - I know for certain that it works with both vanilla sys-fs/cryptsetup and >=sys-fs/cryptsetup-luks-1.0* because I used it yesterday.

----------

## Princess Nell

I have no problems here with cryptsetup-luks-1.0.3-r2, but then I'm not using a loop device,

and I'm not using the LUKS extensions (which I was planning to - maybe I'll postpone this for

little while ...).

----------

