misleading error message for incompatible cipher and keysize options
Issue 12 by jo...@freesources.org on 2009-02-19 14:08:31:
In debian bug #494584
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494584), C. Dominik Bodi
<dominik.bodi@gmx.de> pointed out, that cryptsetup gives misleading error
messages for incompatible cipher and keysize options.
In his particular case, he tried to use the xts-plain cipher method with
the default keysize for luksFormat (which is 128b). Unfortunately,
xts-plain doesn't allow keysize 128b.
the command:
cryptsetup --verbose --cipher aes-xts-plain --verify-passphrase luksFormat
/dev/hda2
fails with the following error message:
Command failed: Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-xts-plain cipher spec and verify that
/dev/hda2 contains at least 133 sectors
This error message is rather misleading as the problem neither is missing
kernel support for the cipher, nor a too small device.
So it would be great to make the error message point out that fact.
Additionally, C. Dominik proposed that cryptsetup could choose a default
key size accordingly to the used cipher, what I consider a good idea as well.
greetings,
Jonas Meurer