Jump to content
  • "Wrong Key!" error on starting array after upgrading to 6.8


    NREES87
    • Solved Minor

    Upgraded my test box to 6.8.0 stable this morning and am now unable to decrypt the array (using the same passphrase as I've used for the last year!).

     

    I experienced exactly the same issue with rc4 (see here and screenshot). If I roll back to 6.7.X - everything goes back to being fully functional.

     

    TIA,

    Nate

    image.png



    User Feedback

    Recommended Comments



    14 hours ago, pvr02 said:

    It simply exists.  No error's were given.

     

    Linux 4.19.93-Unraid.
    root@UNRAID:~# cryptsetup luksOpen /dev/sdj1 sdj1
    Enter passphrase for /dev/sdj1:
    root@UNRAID:~# cryptsetup luksClose sdj1
    root@UNRAID:~#

    Thank you, that helps me determine where the bug is.

    Share this comment


    Link to comment
    Share on other sites
    38 minutes ago, pvr02 said:

    Tried 6.8.1 but still get the wrong key message.

    I need to see your passphrase.  Please send in PM or email: tomm@lime-technology.com.  You can replace alphanumeric chars with other alphanumeric chars but please leave total length and any non-alphanumeric chars in place.

     

    By alphanumeric I mean A-Z a-z 0-9

    Share this comment


    Link to comment
    Share on other sites

    Also getting the same error again after upgrading to 6.8.1:

     

    Array Stopped•Wrong encryption key

     

    Send you PN with passphrase.

    Edited by aurevo

    Share this comment


    Link to comment
    Share on other sites

    Same here, still no luck with the passphrase. Need me to PM it as well?

    Edit: keyfile doesn't work either. (also didn't work for me in in 6.8.0) I can't rule out that I'm doing that wrong, though, since it seems to work for everybody else.

    Edited by FooYoungHi

    Share this comment


    Link to comment
    Share on other sites
    6 minutes ago, FooYoungHi said:

    Same here, still no luck with the passphrase. Need me to PM it as well?

    If you have a non-ASCII printable character in your passphrase it will not work (and in next release we are only going to support the 95 printable ASCII characters in a passphrase).  In this case you will need to use 'keyfile' method.  In a future release we will add ability to change the passphrase via webGUI.

     

    If you are using some kind of mechanism to fetch a keyfile from an external server during the Unraid boot process, e.g., via the 'go' file, and that operation fails and leaves an invalid or zero-length keyfile, you will also get 'wrong key' even if you type the passphrase.  This will be addressed in the next patch release 6.8.2.

     

    If neither of these cases applies to you, yes send me a representative passphrase in PM.

    • Like 1

    Share this comment


    Link to comment
    Share on other sites
    32 minutes ago, limetech said:

    If you are using some kind of mechanism to fetch a keyfile from an external server during the Unraid boot process, e.g., via the 'go' file, and that operation fails and leaves an invalid or zero-length keyfile, you will also get 'wrong key' even if you type the passphrase.  This will be addressed in the next patch release 6.8.2.

    This was the problem for me. I've tried to fetch the keyfile from an FTP server by using spaceinvaderone's video, but couldn't get it to work, but never bothered to remove the code in the 'go' file. Removed it and it worked like a charm!

    Share this comment


    Link to comment
    Share on other sites
    2 hours ago, limetech said:

    If you are using some kind of mechanism to fetch a keyfile from an external server during the Unraid boot process, e.g., via the 'go' file, and that operation fails and leaves an invalid or zero-length keyfile, you will also get 'wrong key' even if you type the passphrase.  This will be addressed in the next patch release 6.8.2.

    My issue as well.

    Share this comment


    Link to comment
    Share on other sites
    2 hours ago, limetech said:

    In a future release we will add ability to change the passphrase via webGUI.

    Meanwhile, you can use this tool.

    Share this comment


    Link to comment
    Share on other sites
    4 hours ago, limetech said:

    If you are using some kind of mechanism to fetch a keyfile from an external server during the Unraid boot process, e.g., via the 'go' file, and that operation fails and leaves an invalid or zero-length keyfile, you will also get 'wrong key' even if you type the passphrase.  This will be addressed in the next patch release 6.8.2.

    Note: this is a subtle bug and does not exist in 6.7 release.  It exists in 6.8 because we no longer write the passphrase to a file.

    Share this comment


    Link to comment
    Share on other sites

    I'm having an issue in 6.8.1 where I posted here:

    Despite copying and pasting my encryption key, I can not unlock the disks at all. I have tried using a keyfile as mentioned, and running "cryptsetup luksOpen /dev/sdm1 sdm1" on a locked disk results in "No key available with this passphrase." Is there a chance this is a bug, or did something happen with copy/pasting the key and I just lost all of my data?

    Share this comment


    Link to comment
    Share on other sites
    8 hours ago, johnnie.black said:

    I did try following that, when entering the key it reports "No key available with this passphrase." It really looks like I don't have the right key. I'm not sure if it didn't get submitted correctly, or if it didn't copy and paste correctly, or honestly what happened.

    Share this comment


    Link to comment
    Share on other sites
    58 minutes ago, novicode said:

    I did try following that, when entering the key it reports "No key available with this passphrase." It really looks like I don't have the right key. I'm not sure if it didn't get submitted correctly, or if it didn't copy and paste correctly, or honestly what happened.

    Please list the exact steps you took.  For example I'm guessing you did this:

    1. Install Unraid version 6.8.1
    2. Formatted disk(s) using "xfs-encrypted" file system type.
    3. Selected "passphrase" as Encryption input.
    4. Typed your 64-char passphrase
    5. Clicked the Show passphrase box and verified typed correctly
    6. Use mouse to select/copy the passphrase string
    7. Pasted the string to a text file open in another window on your PC.
    8. Started array.
    9. Formatted disk(s)
    10. Copied data to disk(s)
    11. Stopped array
    12. Rebooted server
    13. Typed passphrase and clicked Start => wrong key
    14. Pasted saved string from text file to passphrase and clicked Start => wrong key
    15. Specified "Keyfile" Encryption input, selected text file, clicked Start => wrong key

    Please corrrect what I got wrong above.  Would also help if you posted diagnostics.zip

    Share this comment


    Link to comment
    Share on other sites
    27 minutes ago, limetech said:

    Please list the exact steps you took.  For example I'm guessing you did this:

    1. Install Unraid version 6.8.1
    2. Formatted disk(s) using "xfs-encrypted" file system type.
    3. Selected "passphrase" as Encryption input.
    4. Typed your 64-char passphrase
    5. Clicked the Show passphrase box and verified typed correctly
    6. Use mouse to select/copy the passphrase string
    7. Pasted the string to a text file open in another window on your PC.
    8. Started array.
    9. Formatted disk(s)
    10. Copied data to disk(s)
    11. Stopped array
    12. Rebooted server
    13. Typed passphrase and clicked Start => wrong key
    14. Pasted saved string from text file to passphrase and clicked Start => wrong key
    15. Specified "Keyfile" Encryption input, selected text file, clicked Start => wrong key

    Please corrrect what I got wrong above.  Would also help if you posted diagnostics.zip

    You're right up to step 4. And I was wrong, its actually 63 char. I used the LastPass "generate secure password" function and pasted the key it created into the password and verify password box. I then pasted it in a text file and in my lastpass vault. The rest is pretty much correct. I should have verified what I pasted into the box was correct, I just made the (terrible) assumption that what was on my clipboard successfully pasted into firefox as it did in my text file.

     

    I've attached the diagnostics zip to this post.

    diagnostics.zip

    Share this comment


    Link to comment
    Share on other sites
    10 minutes ago, novicode said:

    I've attached the diagnostics zip to this post.

    The syslog shows x2 attempts to enter passphrase, did you try keyfile method?

    Share this comment


    Link to comment
    Share on other sites
    3 minutes ago, limetech said:

    The syslog shows x2 attempts to enter passphrase, did you try keyfile method?

    Yes I have, I've restarted the system since so those attempts probably aren't listed.

    Share this comment


    Link to comment
    Share on other sites
    1 minute ago, novicode said:

    Yes I have, I've restarted the system since so those attempts probably aren't listed.

    Does your passphrase consists only of the 95 printable ASCII characters?

    https://en.wikipedia.org/wiki/ASCII#Printable_characters

     

    In your text file, are you sure there is no End-of-line character, such as null byte or newline?

    Share this comment


    Link to comment
    Share on other sites
    5 minutes ago, limetech said:

    Does your passphrase consists only of the 95 printable ASCII characters?

    https://en.wikipedia.org/wiki/ASCII#Printable_characters

     

    In your text file, are you sure there is no End-of-line character, such as null byte or newline?

    Yes, at most it has special characters such as ^, #, *, @. The is no EOL or anything after the the passphrase. I even tried to 'echo passphrase > key' to make sure it was just plain text.

    Share this comment


    Link to comment
    Share on other sites
    2 minutes ago, novicode said:

     I even tried to 'echo passphrase > key' to make sure it was just plain text.

    This command will definitely add a newline char at the end of your passphrase - not what you want.

     

    You want:  echo -n "passphrase" > keyfile

    Share this comment


    Link to comment
    Share on other sites
    5 minutes ago, novicode said:

    even tried to 'echo passphrase > key'

    You would have to use

    echo -n 'passphrase' > key

    and this only works if no single quotes in your passphrase.

    Share this comment


    Link to comment
    Share on other sites
    3 minutes ago, doron said:

    This command will definitely add a newline char at the end of your passphrase - not what you want.

     

    You want:  echo -n "passphrase" > keyfile

     

    1 minute ago, limetech said:

    You would have to use

    
    echo -n 'passphrase' > key

    and this only works if no single quotes in your passphrase.

     

    Ah yes, that is what I did I just forgot to add the flag when posting. I tried again just to be sure...no luck.

    Share this comment


    Link to comment
    Share on other sites

    To verify, if you 'cat keyfile' you should see your exact passphrase with command prompt string appended (because no newline in key), eg, if key is 'mypassphrase123' you should see:

    root@Tower:~# cat keyfile
    mypassphrase123root@Tower:~#

     

    Share this comment


    Link to comment
    Share on other sites
    1 minute ago, limetech said:

    To verify, if you 'cat keyfile' you should see your exact passphrase with command prompt string appended (because no newline in key), eg, if key is 'mypassphrase123' you should see:

    
    root@Tower:~# cat keyfile
    mypassphrase123root@Tower:~#

     

    Yeah, that's what happens so that shouldn't be an issue.

    Share this comment


    Link to comment
    Share on other sites



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.