[dm-crypt] Data recovery

Arno Wagner arno at wagner.name
Sat Oct 8 18:22:51 CEST 2011


On Sat, Oct 08, 2011 at 02:28:28PM +0200, Nico Gevers wrote:
> Hi
> 
> I've recently decided to encrypt all my drives using luks, running on ubuntu
> 11.10. I encrypted my external drive, and loaded all my backups onto the
> drive. One morning, I tried accessing the drive, and it wouldn't accept my
> key phrase. I tried a couple of times, even tried some variations, but to no
> avail. Then I stupidly thought of running fsck on the drive. I fixed a
> couple of inodes, but then stopped, realising that I was probably doing
> more harm than good.
> 
> When I run luksDump on that drive, I get all the expected information. My
> question is: is the header still intact? Is there any chance I can recover
> my data, owing to the fact that luksDump displays, what seems to me, a valid
> header? (I'm assuming that if luksDump shows the information, the header is
> intact).

The header itself may be intact. But the problem here is the keyslots.
If they are damaged, the only thing that can save your data is a header
backup.

What I wonder is why fsck was even willing to run. Due to the encryption,
it will have seen absolutely nothing that looks like a filesystem.
It also is quite possible that it 'fixed' things in the keyslot area.

In addition, there is the question for the reason of the initial
fail.

So, what you do now is make a header backup (procedure is in the
FAQ) and analyse that. First, find out in which keyslot your key
is (likely the first), then look at the FAQ section on on-disk 
format and look at the encrypted keyslot with a hex-dump
tool, e.g. hd. If there is anything looking regular in the
keyslot area, apply procedure for dealing with permanent data
loss, also described in the FAQ.

You can of course ask for further advice here, but it is impossible
to answer your question without looking at that keyslot data.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
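
The keyslot inspection described in the reply above, as an added example that is not part of the original post and not cryptsetup's own code: it parses a LUKS1 header backup, locates the key material of each active keyslot and reports 512-byte sectors that do not look random. It assumes the LUKS1 on-disk layout; the function names and the 7.0 bits/byte threshold are assumptions, and the sample image is constructed.

```python
import hashlib, math, struct
from collections import Counter

SECTOR = 512
ENABLED = 0x00AC71F3  # LUKS1 marker for an active keyslot

def enabled_keyslots(hdr):
    """Yield (slot, byte_offset, byte_length) of key material for each active slot."""
    if hdr[:8] != b"LUKS\xba\xbe\x00\x01":
        raise ValueError("not a LUKS1 header")
    (key_bytes,) = struct.unpack(">I", hdr[108:112])
    for slot in range(8):
        base = 208 + 48 * slot  # eight 48-byte keyslot descriptors start at byte 208
        active, _iters, _salt, start, stripes = struct.unpack(">II32sII", hdr[base:base + 48])
        if active == ENABLED:
            yield slot, start * SECTOR, key_bytes * stripes

def entropy(block):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def regular_sectors(hdr, threshold=7.0):
    """Return [(slot, sector, entropy)] for key-material sectors that look non-random."""
    hits = []
    for slot, off, length in enabled_keyslots(hdr):
        if len(hdr) < off + length:
            raise ValueError(f"backup is truncated inside keyslot {slot}")
        for pos in range(off, off + length, SECTOR):
            e = entropy(hdr[pos:min(pos + SECTOR, off + length)])
            if e < threshold:  # threshold is an assumption, not a cryptsetup value
                hits.append((slot, pos // SECTOR, e))
    return hits

def constructed_sample():
    """Constructed backup: slot 0 active, 32-byte key, 4000 stripes, one sector clobbered."""
    img = bytearray(8 * SECTOR)
    img[:8] = b"LUKS\xba\xbe\x00\x01"
    struct.pack_into(">I", img, 108, 32)
    struct.pack_into(">II32sII", img, 208, ENABLED, 1000, bytes(32), 8, 4000)
    img += b"".join(hashlib.sha256(struct.pack(">I", i)).digest() for i in range(4000))
    bad = (8 + 10) * SECTOR  # sector 18 of the backup, inside the key material
    img[bad:bad + SECTOR] = (b"\x00" * 15 + b"\x01") * 32
    return bytes(img)

if __name__ == "__main__":
    for slot, sector, e in regular_sectors(constructed_sample()):
        print(f"keyslot {slot}: sector {sector} has entropy {e:.2f} bits/byte")
```

On a real case, pass the bytes of the header backup file to regular_sectors(); it only reads the backup and never touches the device.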

