Cryptsetup calls clevis too late

Bug #1990401 reported by Vin Shelton
This bug affects 1 person
Affects: cryptsetup
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

This works:
  echo "Hello World..." | clevis encrypt tang '{ "url": "http://192.168.xx.yy"}' > secret.jwe
The advertisement contains the following signing keys:

XXXXXX_FFGnNkN9b72vXkkEMz24vdmcvhT-xCc27boA

Do you wish to trust these keys? [ynYN] y
  clevis decrypt <secret.jwe
Hello World...

But this doesn't work (the luksOpen prompts on the terminal for a password):
  sudo cryptsetup luksFormat /dev/sda3
WARNING: Device /dev/sda3 already contains a 'crypto_LUKS' superblock signature.

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/sda3:
Verify passphrase:
  sudo clevis luks bind -d /dev/sda3 tang '{"url":"http://192.168.xx.yy"}'
Enter existing LUKS password:
Warning: Value 512 is outside of the allowed entropy range, adjusting it.
The advertisement contains the following signing keys:

XXXXXX_FFGnNkN9b72vXkkEMz24vdmcvhT-xCc27boA

Do you wish to trust these keys? [ynYN] y
  sudo cryptsetup luksOpen /dev/sda3 asdf
Enter passphrase for /dev/sda3: Error reading passphrase from terminal.
