Quantcast
Viewing all articles
Browse latest Browse all 3387

General Questions • [Software] Authenticated Encryption - cryptsetup - debian 12.2.0

I'm playing around with cryptsetup looking to get authenticated encryption configured on a spare drive. I am hitting an issue when updating the initramfs. I created a quick VM installing debian 12.2.0 and ran the below to test getting the same issue. Imagine I'm very likely doing something quite wrong here as this is my first time trying to enable authenticated encryption instead of just luks2 alone. Looking around I don't see much on the topic outside of articles/docs describing similar steps to what I performed below. Any advice or wisdom is appreciated ^.^

Code:

root@Burner:~# cryptsetup --versioncryptsetup 2.6.1 flags: UDEV BLKID KEYRING KERNEL_CAPI

Code:

root@Burner:~# lsb_release --allNo LSB modules are available.Distributor ID:DebianDescription:Debian GNU/Linux 12 (bookworm)Release:12Codename:bookworm

Code:

root@Burner:~# uname -aLinux Burner 6.1.0-26-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64 GNU/Linux

Code:

root@Burner:~# lsblkNAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTSsda      8:0    0   32G  0 disk ├─sda1   8:1    0   31G  0 part /├─sda2   8:2    0    1K  0 part └─sda5   8:5    0  975M  0 part [SWAP]sdb      8:16   0    1G  0 disk

Code:

root@Burner:~# cryptsetup luksFormat --type luks2 --integrity hmac-sha256 /dev/sdbWARNING!========This will overwrite data on /dev/sdb irrevocably.Are you sure? (Type 'yes' in capital letters): YESEnter passphrase for /dev/sdb: Verify passphrase: Wiping device to initialize integrity checksum.You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).Finished, time 00m04s,  941 MiB written, speed 218.5 MiB/s

Code:

root@Burner:~# cryptsetup luksDump /dev/sdbLUKS header informationVersion:       2Epoch:         3Metadata area: 16384 [bytes]Keyslots area: 16744448 [bytes]UUID:          3382b1d1-1881-46b6-ac9b-1cf71b910bb0Label:         (no label)Subsystem:     (no subsystem)Flags:       (no flags)Data segments:  0: cryptoffset: 16777216 [bytes]length: (whole device)cipher: aes-xts-plain64sector: 512 [bytes]integrity: hmac(sha256)Keyslots:  0: luks2Key:        768 bitsPriority:   normalCipher:     aes-xts-plain64Cipher key: 512 bitsPBKDF:      argon2idTime cost:  13Memory:     1048576Threads:    4Salt:       ca a7 fc 77 0f 8f 85 8a 5f 5c 8a 50 13 77 c1 c4             cb bd 8b 7a 89 0b 02 d5 c0 99 3c 1a 72 31 89 88 AF stripes: 4000AF hash:    sha256Area offset:32768 [bytes]Area length:385024 [bytes]Digest ID:  0Tokens:Digests:  0: pbkdf2Hash:       sha256Iterations: 98698Salt:       37 09 c4 b3 87 d6 30 ac 80 c6 a1 48 a5 f9 4d c3             ce 00 76 b7 05 e6 7a 09 a9 ff 3f d9 a0 76 0b bc Digest:     e0 71 b2 83 d2 0f 02 f7 7c 74 f8 65 6f d9 d3 e2             e9 6c cb 11 0e 7f b6 f6 4b 12 6e 88 e8 4f a4 db 

Code:

root@Burner:~# cryptsetup luksOpen /dev/sdb crypt-testEnter passphrase for /dev/sdb: 

Code:

root@Burner:~# lsblkNAME             MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTSsda                8:0    0   32G  0 disk  ├─sda1             8:1    0   31G  0 part  /├─sda2             8:2    0    1K  0 part  └─sda5             8:5    0  975M  0 part  [SWAP]sdb                8:16   0    1G  0 disk  └─crypt-test_dif 254:0    0  941M  0 crypt   └─crypt-test   254:1    0  941M  0 crypt

Code:

root@Burner:~# blkid /dev/sdb/dev/sdb: UUID="3382b1d1-1881-46b6-ac9b-1cf71b910bb0" TYPE="crypto_LUKS"

Code:

root@Burner:~# cat >> /etc/crypttab <<EOF> crypt-test UUID=3382b1d1-1881-46b6-ac9b-1cf71b910bb0 none luks,discard,initramfs> EOF

Code:

root@Burner:~# update-initramfs -u -k allupdate-initramfs: Generating /boot/initrd.img-6.1.0-26-amd64cryptsetup: ERROR: crypt-test: Source mismatchcryptsetup: WARNING: Couldn't determine cipher modules to load for crypt-test     (kernel crypto API format isn't supported yet)update-initramfs: Generating /boot/initrd.img-6.1.0-13-amd64cryptsetup: ERROR: crypt-test: Source mismatchcryptsetup: WARNING: Couldn't determine cipher modules to load for crypt-test     (kernel crypto API format isn't supported yet)

Statistics: Posted by moddingfox — 2024-11-05 06:44 — Replies 0 — Views 11



Viewing all articles
Browse latest Browse all 3387

Trending Articles