[dm-crypt] help

Milan Broz gmazyland at gmail.com
Thu Feb 25 17:37:22 CET 2016


On 02/25/2016 04:08 PM, Felix Wagner wrote:
> Hello,
> 
> I tried to reencrypt my device today and was way too eager to do it
> without reading everything. Here's what I did:
> 
> 'cryptsetup-reencrypt -v -c aes-xts-plain64 -s
> 512 /dev/disk/by-uuid/2ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7
> Reencryption will change: volume key, set cipher to aes-xts-plain64.
> Enter passphrase for key slot 0:
> Key slot 0 unlocked.
> LUKS header backup of
> device /dev/disk/by-uuid/2ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7 created.
> Data offset for detached LUKS header must be either 0 or higher than
> header size (4036 sectors). Creation of LUKS backup headers failed.
> 
> So I thought, well, it didn't work, so let's try again:
> 
> cryptsetup-reencrypt -v -c
> aes-xts-plain64 /dev/disk/by-uuid/2ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7
> Reencryption will change: volume key, set cipher to aes-xts-plain64.
> Enter passphrase for key slot 0:
> Key slot 0 unlocked.
> LUKS header
> backup of device /dev/disk/by-uuid/2ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7
> created.
> New LUKS header for
> device /dev/disk/by-uuid/2ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7 created.
> Activated keyslot 0. 
> Marking LUKS
> device /dev/disk/by-uuid/2ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7 unusable.
> Activating temporary device using old LUKS header.
> Key slot 0 unlocked.
> Cannot get info about
> device /dev/disk/by-uuid/2ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7.
> Activation of temporary devices failed.
> 
> Now it says that the device is not a LUKS device anymore. I do not have
> a header backup (I'm an idiot); what I do have is the luksDump
> information, and I have not rebooted my system:

Do you still have these files in the current directory?

LUKS-ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7.log
LUKS-ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7.new
LUKS-ea1bb9e-a4a0-48c8-bc67-a694fa6c8cf7.org

If so, save them. *.log is the reencryption log. If you run reencrypt
in the directory with these files, reencryption will resume.

If it has not started yet, *.org is the header backup and you can
use it to restore the old device state.

(If reencryption has already started, some part of the device is already
reencrypted, so you have to finish that operation.)

Please can you paste the content of the *.log file here?
(It is a text file containing the reencryption context.)

(In theory, if reencryption has not really started yet, the initial
header is still on-device, just with a different magic string, so recovery
could still be possible with just a simple on-disk edit.)

Milan
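
The first steps described in the reply above, as an added example that is not part of the original message or of cryptsetup: copy the three LUKS-<uuid> state files to a safe place, and check read-only whether the device still starts with the standard LUKS magic. The function names and the "altered" label are assumptions made for this sketch; the message does not say what the changed magic string is, so the script only reports that the "LUKS" prefix is present without the standard trailing bytes 0xba 0xbe.

```shell
#!/bin/sh
# Added example: nothing here writes to the device or image being inspected.

# Hex of the first 6 bytes of a device or image file.
header_magic_hex() {
    od -An -tx1 -N6 "$1" | tr -d ' \n'
}

# "luks"    : standard magic "LUKS" 0xba 0xbe is present
# "altered" : "LUKS" prefix present, trailing magic bytes differ
# "unknown" : no LUKS prefix at offset 0
classify_header() {
    case "$(header_magic_hex "$1")" in
        4c554b53babe) echo luks ;;
        4c554b53*)    echo altered ;;
        *)            echo unknown ;;
    esac
}

# Copy LUKS-<stem>.log/.new/.org from workdir into backupdir and make the
# copies read-only. Returns 0 only if all three files were found and copied.
preserve_state() {
    workdir=$1 stem=$2 backupdir=$3 rc=0
    mkdir -p "$backupdir" || return 2
    for ext in log new org; do
        f="$workdir/LUKS-$stem.$ext"
        if [ -f "$f" ]; then
            cp -p "$f" "$backupdir/" && chmod a-w "$backupdir/LUKS-$stem.$ext" || rc=2
        else
            echo "missing: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed demo input: an image whose magic no longer matches.
demo=$(mktemp -d)
printf 'LUKS\000\000rest-of-header' > "$demo/img"
echo "constructed image classified as: $(classify_header "$demo/img")"
rm -rf "$demo"
```

On a real system the first argument to classify_header would be the device path, and preserve_state would be run before any further cryptsetup-reencrypt attempt.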

