7hr08ik Posted October 27, 2019 Share Posted October 27, 2019 Well, added that line to my go file, and have the keyfile on my flash drive. Now the server boots up with 'Wrong encryption key' error. We're getting somewhere. The keyfile is being accepted, but it's not the correct content to unlock the server Quote Link to comment
7hr08ik Posted October 27, 2019 Share Posted October 27, 2019 To check, My keyfile, contents.....1 line that is only my passphrase. EOL - UNIX UTF-8 Quote Link to comment
itimpi Posted October 27, 2019 Share Posted October 27, 2019 34 minutes ago, 7hr08ik said: So, in your go file you added 'cp /boot/keyfile /root/keyfile' Then rebooted, and she booted up unlocked? Yes Quote Link to comment
7hr08ik Posted October 27, 2019 Share Posted October 27, 2019 (edited) OK so, we've figured out the server is receiving the keyfile. By adding "cp /boot/keyfile /root/keyfile" to the go file, and having the keyfile on the flash But she's telling me its the wrong encryption password. So, i remade the file in kate. No luck Remade in gnome text editor, no luck Remade using cat > keyfile, no luck Tested contents of file by copy pasting into webGUI, unlocks. Its not the passphrase, its not the file being in the wrong place, its the file itself. Don't know if its an option or not, but I know someone said they used a picture as their keyfile, and i know its possible to use seperate passphrase and keyfiles. So can it be done? Can i just setup the array to use something else as the keyfile? And unlock with either the random keyfile (a random file) OR the passphrase? Am i missing something when i make the keyfile? Saving the file as "keyfile" no extention or anything. Should i just give up? Edited October 27, 2019 by 7hr08ik Quote Link to comment
7hr08ik Posted October 27, 2019 Share Posted October 27, 2019 (edited) YES!!!! YYYYYEEEEAAAAASSSHHHH!HH!!!!!!!! DID IT!!!!! F*%& Yeah!"!!! It was the EOL. Googlefu - https://unix.stackexchange.com/questions/254644/how-do-i-remove-newline-character-at-the-end-of-file Fix perl -pi -e 'chomp if eof' myfile Not a clue, but it worked. Started looking for ways to strip EOL from files, found this, it worked. Now to fight with android and ftp Edited October 27, 2019 by 7hr08ik Quote Link to comment
NewDisplayName Posted October 27, 2019 Share Posted October 27, 2019 There should be a @limetech way to create a keyfile from a keyphrase. Quote Link to comment
7hr08ik Posted October 27, 2019 Share Posted October 27, 2019 Agreed, If I understood anything about EOL in files, I could have got this working yesterday. But then again, it was only an issue because Unraid stopped printing the keyfile to root in the new update Quote Link to comment
limetech Posted October 27, 2019 Share Posted October 27, 2019 4 minutes ago, nuhll said: There should be a @limetech way to create a keyfile from a keyphrase. If passphrase is "grass is green" then you can create a file like this: echo -n "grass is green" >/root/keyfile 1 1 Quote Link to comment
NewDisplayName Posted October 27, 2019 Share Posted October 27, 2019 Just now, limetech said: If passphrase is "grass is green" then you can create a file like this: echo -n "grass is green" >/root/keyfile We would have needed this some pages ago Just add a "create keyfile" button to the encrypting thingy which does that command under the hood? Quote Link to comment
7hr08ik Posted October 27, 2019 Share Posted October 27, 2019 Or add this advice to the 'help' section next to unlocking the array? 1 Quote Link to comment
limetech Posted October 27, 2019 Share Posted October 27, 2019 We were taken to the woodshed for having a file containing the passphrase. Now you want to download your plaintext passphrase to a file? We are not doing that - it is a very large security issue, e.g., suppose you leave browser session open and we have option to download your passphrase - well anyone walking by can do that, now they have your passphrase. 1 Quote Link to comment
7hr08ik Posted October 27, 2019 Share Posted October 27, 2019 OK, i get your point. Anythign other than a password, is going to be simpler to steal/copy. I've just spent 2 days making it easier for someone to access my files. Even though i am running ftp on my phone, its still just a txt file with my password. Hmm, food for thought Quote Link to comment
7hr08ik Posted October 27, 2019 Share Posted October 27, 2019 (edited) Does this mean the keyfile unlock method will be getting phased out? Edited October 27, 2019 by 7hr08ik Quote Link to comment
JonathanM Posted October 27, 2019 Share Posted October 27, 2019 14 minutes ago, limetech said: Now you want to download your plaintext passphrase to a file? LOL. Like many things in life, security is a continuum with many degrees. For some, the only reason to use encryption is to be able to safely EOL old drives or RMA bad drives without worrying about where those drives end up. At the other end of the spectrum, you have people that shut down and lock their system every time they finish using it, only entering a long passphrase from memory at the immediate point of use and only unlocking it to do the immediate operation at hand. You can't please both sets of people at the same time. Where you want to set the default mode is up to you. Full paranoia mode is no fun, but neither is getting your system hacked. 1 Quote Link to comment
limetech Posted October 27, 2019 Share Posted October 27, 2019 24 minutes ago, 7hr08ik said: Does this mean the keyfile unlock method will be getting phased out? Absolutely not. Here's how it works. There are two ways to specify an encryption key: Using a passphrase. In this case what you type is exactly what will be used for the key, without any newline at the end (because did you type a newline? No). The max length for a passphrase is 512 bytes (characters). As specified in the Help, "It is highly advisable to only use the 95 printable characters from the first 128 characters of the ASCII table." A passphrase is meant to be some kind of string that you commit to memory and type in following server reboot. Use a keyfile. Whatever contents are in this file are what is used for the key. The max length used from a keyfile is 8192 bytes. Since contents are in a file, each byte can take on any value. Often one would use a file with random binary data. If the specified file is greater than 8192 in length, only the first 8192 bytes comprise the key. If you use a passphrase, whatever you typed is not stored in a file, though it is kept in memory. If you use a keyfile, then file uploaded data is written to /root/keyfile and it stays there for as long as sever has power. There is a button in webGUI that lets you delete the file if you want. But then each time you Start array you will have to upload file again, and then presumably delete again. Using a keyfile lets you specify a far stronger key, but onus is on you to delete the file. 1 1 Quote Link to comment
limetech Posted October 30, 2019 Share Posted October 30, 2019 @nuhll and @7hr08ik - I marked your last 7 posts "hidden" because this bickering adds nothing to the topic. Please continue your conversation via PM. Quote Link to comment
alexdodd Posted April 18, 2020 Share Posted April 18, 2020 (Finally!) Just following the video for encrypting drives one at a time, given I still have enough space. But my SAS drives exposed through my LSI Card in IT mode don't appear on the unassigned devices. Previously confirmed here: So i suppose I have to get my hands a little dirty in the terminal? #scary Are their any resources I can be pointed to, or advice given for doing this? I presume its the same as the tutorial except i use the terminal to wipe the partition data of the drive i need to format (with wipefs?) after all the data has been shifted off it with unbalance? Quote Link to comment
Mor9oth Posted November 13, 2020 Share Posted November 13, 2020 Hey guys! Can someone maybe help me? I managed to create the keyfile by myself and it works to encrypt my array by uploading the keyfile to unraids gui - so I guess the file itself is fine. (But it is never shown up in the flash drive - like in the video - guess because of newer Unraid version) But autostart doesn't work because the file will not be downloaded at all while booting the server (at lest I Dont see in boot sequence). I have no idea why. I just used the command from Space Invaders Video and added it to the go file. First I tried this: wget --ftps-implicit --user=MYNAME --password='MYPASSWORD' ftps://FTPPROVIDER.com/keyfile -O /root/keyfile then this: wget --user=MYNAME --password='MYPASSWORD' ftp://FTPPROVIDER.com/keyfile -O /root/keyfile Are there any permissions to set before? Or network? Any ideas why this doesn't work? I am using IPMI for if this could matter. For some reason now I got more than one "Go" file: go go.save go.save.1 Thank you for your help! Quote Link to comment
Danuel Posted May 23, 2021 Share Posted May 23, 2021 On 11/13/2020 at 11:38 PM, Mor9oth said: Hey guys! Can someone maybe help me? I managed to create the keyfile by myself and it works to encrypt my array by uploading the keyfile to unraids gui - so I guess the file itself is fine. (But it is never shown up in the flash drive - like in the video - guess because of newer Unraid version) But autostart doesn't work because the file will not be downloaded at all while booting the server (at lest I Dont see in boot sequence). I have no idea why. I just used the command from Space Invaders Video and added it to the go file. First I tried this: wget --ftps-implicit --user=MYNAME --password='MYPASSWORD' ftps://FTPPROVIDER.com/keyfile -O /root/keyfile then this: wget --user=MYNAME --password='MYPASSWORD' ftp://FTPPROVIDER.com/keyfile -O /root/keyfile Are there any permissions to set before? Or network? Any ideas why this doesn't work? I am using IPMI for if this could matter. For some reason now I got more than one "Go" file: go go.save go.save.1 Thank you for your help! what message do you get in terminal ?, must be something why will not take the key Quote Link to comment
techgeeksvk Posted December 4, 2023 Share Posted December 4, 2023 Sorry to bother you guys but need some help. I we been using this metod soo long but i am making a ftp seerver on my router. But i wanna to have more security and have it in 7zip package. Is there way to do unraid the work to unzip it with password and then unlock array? Thanks guys for help. Quote Link to comment
techgeeksvk Posted December 9, 2023 Share Posted December 9, 2023 On 11/14/2020 at 12:38 AM, Mor9oth said: Hey guys! Can someone maybe help me? I managed to create the keyfile by myself and it works to encrypt my array by uploading the keyfile to unraids gui - so I guess the file itself is fine. (But it is never shown up in the flash drive - like in the video - guess because of newer Unraid version) But autostart doesn't work because the file will not be downloaded at all while booting the server (at lest I Dont see in boot sequence). I have no idea why. I just used the command from Space Invaders Video and added it to the go file. First I tried this: wget --ftps-implicit --user=MYNAME --password='MYPASSWORD' ftps://FTPPROVIDER.com/keyfile -O /root/keyfile then this: wget --user=MYNAME --password='MYPASSWORD' ftp://FTPPROVIDER.com/keyfile -O /root/keyfile Are there any permissions to set before? Or network? Any ideas why this doesn't work? I am using IPMI for if this could matter. For some reason now I got more than one "Go" file: go go.save go.save.1 Thank you for your help! I also have this problems with home ftp via asus router. My router only support explicit TLS and only working with no TLS. Maybe you should check ftp provider if there is no problem. Unraid also don´t like self signed certificate. And the go file i dont know maybe its only backup? I got one go.backup besides original go. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.