Public bug reported: Versions:
Ubuntu 18.04 LTS gnome-disk-utility 3.28.3-0ubuntu1~18.04.1 ------------------------------------------ What I'm trying to do: Change the disk decryption passphrase of key in any slot other than slot 0 while there is an existing key in slot 0 (e.g. changing the disk decryption passphrase of slot 1) using gnome-disk-utility. Ran "Disks" > Selected my encrypted device partition > Clicked the gear icon > Selected "Change passphrase" > Entered the passphrase I wanted to change > Entered the passphrase I wanted to change to and confirmed it > clicked "Change". ------------------------------------------ What I expected to happen: After clicking "Change" I expected to get no errors and have the passphrase I wanted to change to be valid to decrypt the disk. In the event of an error I expected the passphrase I was trying to change to still be valid to decrypt the disk. ------------------------------------------ What is happening: I get an error message pop-up: Error changing passphrase Error changing passphrase on device /dev/sda2/:Failed to add the new passphrase: Invalid argument (udisks-error-quark, 0) And the key that I was trying to change gets deleted with no new key being added. ------------------------------------------ (Before trying to change passphrase in key slot 2 using gnome-disk- utility) sudo cryptsetup luksDump /dev/sda2 LUKS header information for /dev/sda2 Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 4096 MK bits: 256 MK digest: 0f 5d 66 ec 16 0b 0c f2 4b 0a 9f 99 28 41 59 64 e9 9d 75 64 MK salt: 89 e5 16 e5 e0 5d f5 63 f6 ba 2b f1 df e8 e6 1d 11 52 27 39 ff 87 4c 70 ab b7 49 a2 97 e0 46 41 MK iterations: 101875 UUID: c5754fe4-0835-431f-996b-e2202c380d05 Key Slot 0: ENABLED Iterations: 426666 Salt: cb 25 fd 7d 14 ca af f1 6a 57 b9 b7 b8 7a 45 76 9e 9b 3f ef 6a 3a e7 f6 18 24 7a 6e bb 0d 36 78 Key material offset: 8 AF stripes: 4000 Key Slot 1: ENABLED Iterations: 2074334 Salt: c2 cc 91 12 25 f4 80 21 d2 fa 91 44 ef 02 04 3e 6d d8 85 ef b2 39 fb c2 94 f1 62 ee db 79 3c ed Key material offset: 264 AF stripes: 4000 Key Slot 2: ENABLED Iterations: 2090878 Salt: 47 fa 77 b7 f8 31 dc 48 ab 58 f7 25 a4 d5 c7 be 35 a3 83 6a 4d 1d bb 24 1c 38 12 2d f1 15 40 7f Key material offset: 520 AF stripes: 4000 Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED ------------------------------------------ (After trying to change passphrase in key slot 2 using gnome-disk- utility) sudo cryptsetup luksDump /dev/sda2 LUKS header information for /dev/sda2 Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 4096 MK bits: 256 MK digest: 0f 5d 66 ec 16 0b 0c f2 4b 0a 9f 99 28 41 59 64 e9 9d 75 64 MK salt: 89 e5 16 e5 e0 5d f5 63 f6 ba 2b f1 df e8 e6 1d 11 52 27 39 ff 87 4c 70 ab b7 49 a2 97 e0 46 41 MK iterations: 101875 UUID: c5754fe4-0835-431f-996b-e2202c380d05 Key Slot 0: ENABLED Iterations: 426666 Salt: cb 25 fd 7d 14 ca af f1 6a 57 b9 b7 b8 7a 45 76 9e 9b 3f ef 6a 3a e7 f6 18 24 7a 6e bb 0d 36 78 Key material offset: 8 AF stripes: 4000 Key Slot 1: ENABLED Iterations: 2074334 Salt: c2 cc 91 12 25 f4 80 21 d2 fa 91 44 ef 02 04 3e 6d d8 85 ef b2 39 fb c2 94 f1 62 ee db 79 3c ed Key material offset: 264 AF stripes: 4000 Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED ------------------------------------------ Troubleshooting: I have found that: * Changing the passphrase of the key in slot 0 while there are existing keys in any other slot works as expected (the passphrase is changed and no errors occur) * Changing the passphrase of a key in any slot other than slot 0 while there is no existing key in slot 0 works as expected (the passphrase is changed and no errors occur) ------------------------------------------ Replication: To rule out this bug being caused by the way we build computers with 18.04 internally, I have installed Ubuntu 18.04 LTS on different hardware > set the disk to encrypted > added a key into slot 1 using: sudo cryptsetup luksAddKey /dev/sda5 > attempted to change said key by running "Disks" > Selected my encrypted device partition > Clicked the gear icon > Selected "Change passphrase" > Entered the passphrase I wanted to change > Entered the passphrase I wanted to change to and confirmed it > clicked "Change" and received the same error. ------------------------------------------ Workaround: The following command works as an alternative to changing the passphrase in "Disks": sudo cryptsetup luksChangeKey /dev/[partition] *where [partition] is the encrypted partition that you want to change the passphrase on. This is not ideal as our users will want to use "Disks" to change the passphrase. ** Affects: gnome-disk-utility (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1790979 Title: Unable to change disk decryption passphrase To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-disk-utility/+bug/1790979/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs