Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error locking the tomb #400

Closed
henrydenhengst opened this issue Dec 19, 2020 · 3 comments
Closed

Error locking the tomb #400

henrydenhengst opened this issue Dec 19, 2020 · 3 comments

Comments

@henrydenhengst
Copy link

henrydenhengst commented Dec 19, 2020
edited

Using Debian 10, all patched.
Linux debian-01 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux

**Tomb 2.5** - a strong and gentle undertaker for your secrets
  
   Copyright (C) 2007-2017 Dyne.org Foundation, License GNU GPL v3+
   This is free software: you are free to change and redistribute it
   For the latest sourcecode go to <http://dyne.org/software/tomb>
  
   This source code is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
   When in need please refer to <http://dyne.org/support>.
  
  System utils:
  
  **Sudo version 1.8.27**
  **cryptsetup 2.1.0**
  **pinentry-gtk2 (pinentry) 1.1.0**
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
  **findmnt from util-linux 2.33.1**
  **gpg (GnuPG) 2.2.12** - key forging algorithms (GnuPG symmetric ciphers):
  /usr/bin/gpg
 IDEA 3DES CAST5 BLOWFISH AES AES192 AES256 TWOFISH CAMELLIA128 CAMELLIA192 CAMELLIA256
  
  Optional utils:
  
  /usr/bin/gettext
  /usr/bin/dcfldd
  /usr/bin/shred
  /usr/bin/steghide
  /usr/sbin/resize2fs
  tomb-kdb-pbkdf2 not found
  /usr/bin/qrencode
  /usr/bin/swish-e
  /usr/bin/unoconv
  /usr/bin/lsof

I tried debug mode to see what goes wrong?!

cryptsetup luksFormat returned an error, can anyone tell me if those errors are logged. If yes, where?
Should I go outside the Debian repo and use github instead? Or, can I just fix this?

root@debian-01:/home/henry/Downloads# tomb lock xxxxx.xxx -k xxxxx.xxx.key -D

tomb [D] Identified caller: henry (1000:1000)
tomb [D] Updating HOME to match user's: /home/henry (was /root)
tomb [D] Tomb command: lock xxxxx.xxx
tomb [D] Caller: uid[1000], gid[1000], tty[/dev/pts/1].
tomb [D] Temporary directory: /tmp/zsh
tomb . Commanded to lock tomb xxxxx.xxx
tomb [D] Tomb found: xxxxx.xxx
tomb [D] Loop mounted on /dev/loop2
tomb . Checking if the tomb is empty (we never step on somebody else's bones).
tomb . Fine, this tomb seems empty.
tomb [D] load_key argument: xxxxx.xxx.key
tomb [D] load_key: xxxxx.xxx.key
tomb [D] is_valid_key
tomb . Key is valid.
tomb . Locking using cipher: aes-xts-plain64:sha256
tomb . A password is required to use key xxxxx.xxx.key
tomb [D] asking password with tty=/dev/pts/1 lc-ctype=nl_NL.UTF-8
tomb [D] using pinentry-gtk2
tomb [D] get_lukskey
tomb [D] Created tempfile: /tmp/zsh/1433815018743113933
tomb [D] gpg: AES256 encrypted data
tomb [D] [GNUPG:] NEED_PASSPHRASE_SYM 9 3 2
tomb [D] gpg: encrypted with 1 passphrase
tomb [D] [GNUPG:] BEGIN_DECRYPTION
tomb [D] [GNUPG:] DECRYPTION_COMPLIANCE_MODE 23
tomb [D] [GNUPG:] DECRYPTION_INFO 2 9
tomb [D] [GNUPG:] PLAINTEXT 62 1608378973
tomb [D] [GNUPG:] DECRYPTION_OKAY
tomb [D] [GNUPG:] GOODMDC
tomb [D] [GNUPG:] END_DECRYPTION
tomb [D] get_lukskey returns 0
tomb . Password OK.
tomb (*) Locking xxxxx.xxx with xxxxx.xxx.key
tomb . Formatting Luks mapped device.
tomb [W] cryptsetup luksFormat returned an error.
tomb [E] Operation aborted.
@jaromil
Copy link
Member

jaromil commented Dec 19, 2020

@henrydenhengst You need to use at least tomb 2.6 to work with cryptsetup 2. Someone should update the package in Debian. This is our ChangeLog:

2.6

May 2019

This release adds new features and provides an important fix for usage
of Tomb with cryptsetup 2.1 and future versions; it also fixes a
whitespace bug in KDF passwords, all fixes are documented in
KNOWN_BUGS. A notable new feature is the libsphinx integration for
password-authenticated key agreement (PAKE). Another feature is the
integration of cloakify to support new cloak/uncloak commands that
hide keys inside long text files. Also support for gpg sub-keys has
been added and overall gpg asymmetric key protection is improved.

@henrydenhengst
Copy link
Author

Thanx version 2.6 works like a charm.

@jaromil
Copy link
Member

jaromil commented Dec 19, 2020

@henrydenhengst neat! thanks for reporting. I have clues why 2.8.1 fails, preparing a new minor bugfix as we speak. would be useful to know what version of Debian you are using, so I can try reproduce and make sure it is fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaromil @henrydenhengst