Jump to content
  • "Wrong Key!" error on starting array after upgrading to 6.8


    NREES87
    • Solved Minor

    Upgraded my test box to 6.8.0 stable this morning and am now unable to decrypt the array (using the same passphrase as I've used for the last year!).

     

    I experienced exactly the same issue with rc4 (see here and screenshot). If I roll back to 6.7.X - everything goes back to being fully functional.

     

    TIA,

    Nate

    image.png



    User Feedback

    Recommended Comments



    56 minutes ago, bonienl said:

    You have to make sure the text file does not have a trailing newline character.

     

    Do you use spaces in your passphrase?

    There is just the text, no spaces, tabs or anything. The length is 10 characters.

    Share this comment


    Link to comment
    Share on other sites
    17 minutes ago, limetech said:

    Sorry one more question: what is total number of characters?

    25

    Share this comment


    Link to comment
    Share on other sites
    2 hours ago, limetech said:

    I booted a server running 6.7.2 and created an encrypted volume using passphrase: !@#$^&*)(

    I then booted 6.8.0 and specifying same passphrase volume opened correctly.

     

    Please tell me exactly which special characters you're using.

     

    My test box only has ! as a special character, with 4 Uppercase letters and 4 numbers - nothing else. Main server has only Upper, Lower, Numeric, !, " and £ in its passphrase. Both exhibit the same behaviour.

    Share this comment


    Link to comment
    Share on other sites
    10 minutes ago, NREES87 said:

    My test box only has ! as a special character, with 4 Uppercase letters and 4 numbers - nothing else. Main server has only Upper, Lower, Numeric, !, " and £ in its passphrase. Both exhibit the same behaviour.

    I can't reproduce.  What I'm doing is booting server with 6.7.2. Specify encrypted file type for a disk.  Specify a test passphrase, then format and verify passphrase still works.  Then boot 6.8.0 and enter same passphrase - always works.  The latest passphrase I tried was: !234567890

    Very puzzling, all code looks correct.  To eliminate encoding issues, in 6.8 we did change how the passphrase is transmitted to the server - it now uses base64 encoding, and then decoded on server side.

    Since this is a 'test box' are you willing to PM your exact passphrase to me?

    Share this comment


    Link to comment
    Share on other sites
    21 minutes ago, NREES87 said:

    Both exhibit the same behaviour.

    Silly question...

    When you click on the button to show the passphrase as text, does it show your expected input?

    Share this comment


    Link to comment
    Share on other sites
    34 minutes ago, limetech said:

    I can't reproduce.  What I'm doing is booting server with 6.7.2. Specify encrypted file type for a disk.  Specify a test passphrase, then format and verify passphrase still works.  Then boot 6.8.0 and enter same passphrase - always works.  The latest passphrase I tried was: !234567890

    Very puzzling, all code looks correct.  To eliminate encoding issues, in 6.8 we did change how the passphrase is transmitted to the server - it now uses base64 encoding, and then decoded on server side.

    Since this is a 'test box' are you willing to PM your exact passphrase to me?

    Just sent it via PM.

    Share this comment


    Link to comment
    Share on other sites

    I could see there potentially being locale dependent issues with £/# and “/@ 

    Share this comment


    Link to comment
    Share on other sites
    1 hour ago, bonienl said:

    Silly question...

    When you click on the button to show the passphrase as text, does it show your expected input?

    Just checked and yes - the passphrase appears exactly as expected.

    Share this comment


    Link to comment
    Share on other sites

    Earlier I nuked my 6.8 test box and created a new config, formatted the drives as encrypted and set a "new" passphrase (the same as before). I'm still getting the "Wrong Key!" error - and using a keyfile still fixes the issue, and show passphrase displays the expected characters.

     

    I've just repeated the same process, but this time removed any non alphanumeric characters and that works just fine... (the only non A-Z,a-z,0-9 char was an exclamation mark)

    Share this comment


    Link to comment
    Share on other sites

    Just curious if anything has been discovered.  Attempted the upgrade again today and it still shows wrong key even validating that it is typed correctly.  Using a keyfile allows it to work with no problem.

    Share this comment


    Link to comment
    Share on other sites
    On 1/2/2020 at 11:44 PM, bonienl said:

    yes, correction will come in next release

     

    And the release will come on which date?

    Share this comment


    Link to comment
    Share on other sites
    1 hour ago, aurevo said:

     

    And the release will come on which date?

    I'm preparing the release now.

    • Like 1

    Share this comment


    Link to comment
    Share on other sites

    Please try 6.8.1-rc1 to see if your passphrase is now correctly recognized:

     

     

    Share this comment


    Link to comment
    Share on other sites
    5 hours ago, limetech said:

    Please try 6.8.1-rc1 to see if your passphrase is now correctly recognized:

     

     

    Just upgraded and tested, but unfortunately still get wrong key message and have to use a keyfile.

    Share this comment


    Link to comment
    Share on other sites

    Was your original passphrase created under Unraid 6.7 or 6.8?

     

    Share this comment


    Link to comment
    Share on other sites
    1 hour ago, bonienl said:

    Was your original passphrase created under Unraid 6.7 or 6.8?

     

    6.7

    Share this comment


    Link to comment
    Share on other sites
    3 hours ago, pvr02 said:

    Just upgraded and tested, but unfortunately still get wrong key message and have to use a keyfile.

    Please give this a try: start lopping off characters from the end of your passphrase and see if it gets to a point where it's recognized.  For example, say passphrase is:

    123456789

    try

    12345678

    then try

    1234567

    etc.

    Share this comment


    Link to comment
    Share on other sites

    Tested all the way down to 1 character and it never recognizes the passphrase.

    Share this comment


    Link to comment
    Share on other sites
    1 hour ago, pvr02 said:

    Tested all the way down to 1 character and it never recognizes the passphrase.

    What device(s) do you have encrypted?  Meaning, cache, disk1, disk2, ... which ones?

    Share this comment


    Link to comment
    Share on other sites
    1 hour ago, limetech said:

    What device(s) do you have encrypted?  Meaning, cache, disk1, disk2, ... which ones?

    Disk 1 through 6 [XFS] and the cache pool [BTRFS] (cache and cache 2).

    Share this comment


    Link to comment
    Share on other sites
    14 minutes ago, pvr02 said:

    Disk 1 through 6 [XFS] and the cache pool [BTRFS] (cache and cache 2).

    If you don't mind please try this.  First Stop array and then take note of what device id is assigned to one of your data disks, doesn't matter which one.  Let's say you pick 'sdb'.  Then type this:

    cryptsetup luksOpen /dev/sdb1 sdb1

    The command should prompt you to enter your passphrase, please do so and hit Enter.  If the command succeeds it will simply exit; if not it will spit out an error.

     

    If it succeeds, you should then type this:

    cryptsetup luksClose sdb1

    Please let me know what happens.

    Share this comment


    Link to comment
    Share on other sites
    5 hours ago, limetech said:

    If you don't mind please try this.  First Stop array and then take note of what device id is assigned to one of your data disks, doesn't matter which one.  Let's say you pick 'sdb'.  Then type this:

    
    cryptsetup luksOpen /dev/sdb1 sdb1

    The command should prompt you to enter your passphrase, please do so and hit Enter.  If the command succeeds it will simply exit; if not it will spit out an error.

     

    If it succeeds, you should then type this:

    
    cryptsetup luksClose sdb1

    Please let me know what happens.

    Upgraded to 6.8 rc1 as directed, as others have stated - still getting the same error. Keyfile works fine. Trimming passphrase down doesn't work.

     

    Following the steps above provides no errors or feedback from the terminal but after does allow the array to mount 😎😎

    Share this comment


    Link to comment
    Share on other sites
    9 hours ago, limetech said:

    If you don't mind please try this.  First Stop array and then take note of what device id is assigned to one of your data disks, doesn't matter which one.  Let's say you pick 'sdb'.  Then type this:

    
    cryptsetup luksOpen /dev/sdb1 sdb1

    The command should prompt you to enter your passphrase, please do so and hit Enter.  If the command succeeds it will simply exit; if not it will spit out an error.

     

    If it succeeds, you should then type this:

    
    cryptsetup luksClose sdb1

    Please let me know what happens.

    It simply exists.  No error's were given.

     

    Linux 4.19.93-Unraid.
    root@UNRAID:~# cryptsetup luksOpen /dev/sdj1 sdj1
    Enter passphrase for /dev/sdj1:
    root@UNRAID:~# cryptsetup luksClose sdj1
    root@UNRAID:~#

    Share this comment


    Link to comment
    Share on other sites



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.