Bug#450784: loop-aes-utils: mount fails to read encryption key from symbolic link

Djani Buric djani_buric at fastmail.fm
Sat Nov 10 14:46:53 UTC 2007


Package: loop-aes-utils
Version: 2.13-2
Severity: normal


Mount is unable to read the encryption key from a symbolic link.

I have an AES128 encrypted partition whose first 8192 bytes hold the encryption
key. This is based on an example from aespipe's documentation:

yes "" | dd of=/dev/hda9 bs=512 count=16 > /dev/hda9
head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
        | gpg --symmetric -a > /dev/hda9 
losetup -e AES128 -K /dev/hda9 -o 8192 /dev/loop0 /dev/hda9
mkfs.ext3 /dev/loop0
losetup -d /dev/loop0

The partition can then be mounted in this way:

mount -o loop,encryption=AES128,gpgkey=/dev/hda9,offset=8192 /dev/hda9 /mnt/tmp

But if a symbolic link, say /dev/hdax, is created that links to
/dev/hda9, then replacing hda9 with hdax does not work:

ln -s /dev/hda9 /dev/hdax
mount -o loop,encryption=AES128,gpgkey=/dev/hdax,offset=8192 /dev/hdax /mnt/tmp

After the password is entered, mount is unable to retrieve the encryption
key. It starts reading data from disk, but it does not end immediately as
it should, and stops only after I hit Ctrl-C. 

I know that mount calls gpg for key decryption, and it seems to me that gpg
is unable to find the key. I suspect that mount somehow fails in setting up
the file descriptor that is passed to gpg. 

The following command works as expected (notice that gpgkey=/dev/hdax is
replaced with gpgkey=/dev/hda9): 

mount -o loop,encryption=AES128,gpgkey=/dev/hda9,offset=8192 /dev/hdax /mnt/tmp

This also works as expected:

losetup -e AES128 -K /dev/hdax -o 8192 /dev/loop0 /dev/hdax
mount /dev/loop0 /mnt/tmp

The described problem does not happen with loop-aes-utils 2.12r-16.

Mounting using symbolic links is handy with USB disks and udev. 

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22.6-1 (PREEMPT)
Locale: LANG=hr_HR, LC_CTYPE=hr_HR (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages loop-aes-utils depends on:
ii  gnupg                        1.4.6-2     GNU privacy guard - a free PGP rep
ii  libblkid1                    1.40.2-1    block device id library
ii  libc6                        2.6.1-6     GNU C Library: Shared libraries
ii  libselinux1                  2.0.15-2+b1 SELinux shared libraries
ii  libuuid1                     1.40.2-1    universally unique id library
ii  mount                        2.13-9      Tools for mounting and manipulatin

Versions of packages loop-aes-utils recommends:
ii  sharutils                     1:4.6.3-1  shar, unshar, uuencode, uudecode

-- no debconf information
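
The report shows that the mount succeeds when gpgkey= names the real device node while the device argument is still the symlink. An added example (not part of the original report or of loop-aes-utils) that applies this as a workaround: it canonicalizes the key path with readlink -f (GNU coreutils assumed) before building the option string. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pass mount the canonical device node in gpgkey= while
# keeping the symlink (e.g. a udev-created name) as the device argument.

# resolve_keyfile PATH -> prints the canonical path; fails on dangling links.
resolve_keyfile() {
    target=$(readlink -f -- "$1") || return 1
    # readlink -f can succeed when the final component is missing, so check.
    [ -e "$target" ] || { echo "key source $1 -> $target does not exist" >&2; return 1; }
    printf '%s\n' "$target"
}

# loop_aes_opts KEYPATH OFFSET [CIPHER] -> prints the -o option string.
loop_aes_opts() {
    key=$(resolve_keyfile "$1") || return 1
    case $2 in
        ''|*[!0-9]*) echo "offset must be a non-negative integer" >&2; return 1 ;;
    esac
    # A comma in the path would be split by mount's option parser.
    case $key in
        *,*) echo "key path contains a comma: $key" >&2; return 1 ;;
    esac
    printf 'loop,encryption=%s,gpgkey=%s,offset=%s\n' "${3:-AES128}" "$key" "$2"
}

# mount_via_link LINK MOUNTPOINT OFFSET: mount the symlinked device (needs root).
mount_via_link() {
    opts=$(loop_aes_opts "$1" "$3") || return 1
    mount -o "$opts" "$1" "$2"
}
```

With the names from the report, the call would be: mount_via_link /dev/hdax /mnt/tmp 8192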




