Package: cryptsetup
Version: 2:1.0.6-7
Severity: normal

I noticed that it is impossible to remove a keyslot with the key of this slot. The problem occurs both with a passphrase and with a key-file.

I guess it's not a feature, since it should be possible to delete all key-slots to make access to the data quite impossible. There is also a warning message while trying to do it, so I'm sure it should be possible (and in the case we have to delete the last keyslot, the only possibility is to use the same key).

Example:

r...@pierre:/tmp# ls -sh keyslot*
4.0K keyslot0.rand  4.0K keyslot1.rand
r...@pierre:/tmp# cryptsetup luksFormat -s256 /dev/mapper/pierre-testluks /tmp/keyslot0.rand

WARNING!
========
This will overwrite data on /dev/mapper/pierre-testluks irrevocably.

Are you sure? (Type uppercase yes): YES
Command successful.
r...@pierre:/tmp# cryptsetup luksAddKey --key-file /tmp/keyslot0.rand /dev/mapper/pierre-testluks /tmp/keyslot1.rand
key slot 0 unlocked.
Command successful.
r...@pierre:/tmp# cryptsetup luksDump /dev/mapper/pierre-testluks
LUKS header information for /dev/mapper/pierre-testluks

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      84 b0 9a 7e 56 98 ed c0 01 56 cd a8 ab 6a be 25 e6 22 e4 4b
MK salt:        a5 4f 46 09 9e 1d 9e 3b 08 d9 5b 35 8b ea 99 41
                fb ae 4c 17 f1 03 32 4a af b0 76 c5 06 ed e1 e5
MK iterations:  10
UUID:           b6bf43f9-6de5-4290-945f-65faaa8a188d

Key Slot 0: ENABLED
        Iterations:             128887
        Salt:                   e3 70 ff b6 d2 94 c0 a7 89 aa 97 33 6a 20 b2 c7
                                32 9f 65 6d 95 78 48 6b f2 52 3e c0 f8 04 27 34
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: ENABLED
        Iterations:             236321
        Salt:                   ba 18 91 42 b7 de 3f d0 db 96 0a 09 9e 9e 1c fb
                                06 e7 17 73 e6 8b e5 f7 9a c4 4d a7 3c e1 40 d4
        Key material offset:    264
        AF stripes:             4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
r...@pierre:/tmp# cryptsetup luksKillSlot --key-file /tmp/keyslot1.rand /dev/mapper/pierre-testluks 1
No remaining key available with this passphrase.
Command failed.
r...@pierre:/tmp# cryptsetup luksKillSlot --key-file /tmp/keyslot0.rand /dev/mapper/pierre-testluks 0
No remaining key available with this passphrase.
Command failed.
r...@pierre:/tmp# cryptsetup luksKillSlot --key-file /tmp/keyslot0.rand /dev/mapper/pierre-testluks 1
key slot 1 verified.
Command successful.
r...@pierre:/tmp# cryptsetup luksKillSlot --key-file /tmp/keyslot0.rand /dev/mapper/pierre-testluks 0

WARNING!
========
This is the last keyslot. Device will become unusable after purging this key.

Are you sure? (Type uppercase yes): YES
No remaining key available with this passphrase.
Command failed.
r...@pierre:/tmp#

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-6-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup                       2:1.02.27-4  The Linux Kernel Device Mapper use
ii  libc6                         2.7-18       GNU C Library: Shared libraries
ii  libdevmapper1.02.1            2:1.02.27-4  The Linux Kernel Device Mapper use
ii  libpopt0                      1.14-4       lib for parsing cmdline parameters
ii  libuuid1                      1.41.3-1     universally unique id library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  dosfstools                    3.0.1-1      utilities for making and checking
ii  initramfs-tools [linux-initra 0.92o        tools for generating an initramfs
ii  udev                          0.125-7      /dev/ and hotplug management daemo

-- no debconf information