[dm-crypt] unlock luks volume using valid keyslot

Oko Hid randomwalker0201 at gmail.com
Tue Jun 28 07:47:55 CEST 2016


Dear dm-crypt members,

Please teach me how to unlock the luks partition using valid keyslot.

My /dev/sda is crypto_LUKS partition volume, and xfs partition (/home)
is contained.
I got "Luks keyslot 4 is invald." message just after following operation.
(I use only keyslot 0, and I know the valid passphrase of course.)

My workstation is HP's Z820 with 2CPUs works gentoo linux.
Recently a fan seems having trouble, so I tried HP's Diagnostic CD,
booted from the CD
and executed diag tool.
The tool tried to write the result log "C:" drive, that triggered a tragedy.
The luks header must be corrupted at that time.

I do not have the backup of luks header, so I cannot unlock this
partition for now.

I found the site FAQ
(https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions),
So I would like to request the clue to access the partition and data,
here this mailing list.

The debug output of unlocking operation is following...
---
zucchini ~ # cryptsetup -v --debug --key-slot=0 luksDump /dev/sda
# cryptsetup 1.6.5 processing "cryptsetup -v --debug --key-slot=0
luksDump /dev/sda"
# Running command luksDump.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/sda context.
# Trying to open and read device /dev/sda.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/sda.
# Crypto backend (gcrypt 1.6.5) initialized.
# Reading LUKS header of size 1024 from device /dev/sda
# Invalid offset 3012998038 in keyslot 4 (beyond data area offset 4096).
LUKS keyslot 4 is invalid.
# Releasing crypt device /dev/sda context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 22: LUKS keyslot 4 is invalid.
---

The command blkid seems to be OK.
---
zucchini ~ # blkid -p /dev/sda
/dev/sda: UUID="30016d75-****-4c68-898a-************" VERSION="1"
TYPE="crypto_LUKS" USAGE="crypto"
---

The head of /dev/sda is following.
---
zucchini ~ # hexdump -C -n 112 /dev/sda
00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00  |LUKS....aes.....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  78 74 73 2d 70 6c 61 69  |........xts-plai|
00000030  6e 36 34 00 00 00 00 00  00 00 00 00 00 00 00 00  |n64.............|
00000040  00 00 00 00 00 00 00 00  73 68 61 31 00 00 00 00  |........sha1....|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 00 00 00 00  00 00 10 00 00 00 00 20  |............... |
00000070
---

I also tried Arno's chk_luks_keyslots.
(http://www.saout.de/pipermail/dm-crypt/attachments/20120909/39ee1325/attachment.c)
The output was...
---
zucchini keyslotchecker # ./chk_luks_keyslots /dev/sda

Sectors with entropy below threshold (0.850000):

Keyslot 0: start:   0x1000

Keyslot 1: start:  0x21000
  keyslot not in use

Keyslot 2: start:  0x41000
  keyslot not in use

Keyslot 3: start:  0x61000
  keyslot not in use

Keyslot 4: start: 0x2d672c00
  keyslot not in use

Keyslot 5: start:  0xa1000
  keyslot not in use

Keyslot 6: start:  0xc1000
  keyslot not in use

Keyslot 7: start:  0xe1000
  keyslot not in use
---
The output message shows the addresses of keyslots, and
of keyslot 4 may be invalid.
(However, 0 seems ok ... I wish.)

So, how can I do for this situation?
Is it possible to access the partition and data using Keyslot 0 ?

Thanks, in advance.

Hide


More information about the dm-crypt mailing list