Ubuntu – Encrypted disk won’t unlock anymore: Not authorized to perform operation (udisks-error-quark, 4)


In 2012 I used Ubuntu's gnome-disks utility to encrypt an external drive.
Last year I was still being able to unlock it.

But today I tried again on Ubuntu 2012.04 and gnome-disks says:

Error unlocking encrypted device
Not authorized to perform operation (udisks-error-quark, 4)

How to solve this and unlock my data?

Not authorized to perform operation (udisks-error-quark, 4)

Best Answer

The error code 4 returned by udisks2 (which is used by gnome-disks-utilities internally) is the constant UDISKS_ERROR_NOT_AUTHORIZED_CAN_OBTAIN in code.

This code is returned, if the current subject (the gnome-disks applications, actually) is not allowed to do the unlock operation, however it might be allowed if further authentication would be provided, typically by providing the system administrator's (root) password.

Such additional password query is typically handled by a so-called authentication agent. It seems that this agent is not setup correctly in your environment.

I had the same problem using gnome-disks within an i3wm-session (in archlinux -- however this should be similar under Ubuntu): After having installed the (legacy) "polkit-gnome" authentication agent (and starting it in a session startup script), I got first the passphrase dialog for specifying the LUKS passphrase of the device and then a second dialog asking for the root password.

The command line hack you mention can alternatively also be done using udisksctl in an cleaner way:

udisksctl unlock --block-device /dev/sda1
udisksctl mount --block-device /dev/mapper/my_encrypted_volume

Note that the udisksctl unlock will ask for the (same) two passwords as gnome-disks would do when the authentication agent is setup correctly. No need to use sudo here.

For further information, dig into udisks2 and polkit documentation or look into udisks2 source code directly. This is how I understood and finally solved the problem for me.

Related Question