[dm-crypt] Missing keyslot or broken header or still some hope?

Zero Tonin zero.tonin at web.de
Thu Nov 3 19:30:41 CET 2016


Hi all on this list,

after reading the faq, I suppose I am out of luck and "one of those cases", but I will take the liberty to ask for help still, before I format my luks drive...


my fully LUKS encrypted disk is failing to decrypt since two days ago. I am 100% confident the password is entered correctly,  yet I get "no key with this passphrase available".

Previously, Debian (8) was acting up on the last proper boot where I could still decrypt the drive (changed wallpaper, keyboard strokes incorrect, so when I  typed >l< the result was >sl< and such, pressing T would open a new terminal, Q opened up some KDE specific settings …)

I thus restarted the laptop and the issue started directly after that reboot, when using the internal keyboard as well as on multiple USB keyboards on multiple USB ports.

I booted into a live usb from debian 8.6 and try to unlock the disk as follows:

user at debian:~$ sudo apt-get install cryptsetup lvm2
cryptsetup: WARNING: failed to detect canonical device of aufs
cryptsetup: WARNING: could not determine root device from /etc/fstab
Warning: /sbin/fsck.aufs doesn't exist, can't install to initramfs, ignoring.
live-boot: core filesystems devices utils udev wget blockdev.
user at debian:~$ sudo modprobe dm-crypt
user at debian:~$ sudo cryptsetup luksOpen /dev/sda5 crypt1
Enter passphrase for /dev/sda5:
No key available with this passphrase.

Again, my confidence into the passphrase is 100% (I verified keyboard layout in some random text file, I  thus can rule out typos and layout).

I took a hex dump of the disk (sda5) as suggested in a thread with a failed partition resize (I am not familiar with hexdump at all and only add it in the hope it might prove useful):

00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00  |LUKS....aes.....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
00000020  00 00 00 00 00 00 00 00  78 74 73 2d 70 6c 61 69  |........xts-plai|
00000030  6e 36 34 00 00 00 00 00 00 00 00 00 00 00 00 00  |n64.............|
00000040  00 00 00 00 00 00 00 00  73 68 61 31 00 00 00 00 |........sha1....|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
00000060  00 00 00 00 00 00 00 00  00 00 10 00 00 00 00 40 |...............@|
00000070  2a e2 25 b4 eb ec 89 d5  ff 04 36 17 c4 a6 86 c1  |*.%.......6.....|
00000080  23 14 05 d2 d9 63 b5 17  38 51 c9 f7 e5 bf 87 ea  |#....c..8Q......|
00000090  56 fa a9 93 71 f1 19 0d  fe c6 51 ea d8 64 5a 3e  |V...q.....Q..dZ>|
000000a0  68 97 51 5b 00 01 38 80  34 36 36 39 33 66 38 34  |h.Q[..8.46693f84|
000000b0  2d 65 64 63 66 2d 34 66  66 39 2d 38 39 64 66 2d  |-edcf-4ff9-89df-|
000000c0  37 38 64 36 32 61 39 32  62 36 66 33 00 00 00 00  |78d62a92b6f3....|
000000d0  00 ac 71 f3 00 05 38 e5  72 3c b6 82 b3 33 a7 f6  |..q...8.r<...3..|
000000e0  5a 55 f9 3d 6b f3 8c b8  d9 6a 66 31 9e 03 b1 57  |ZU.=k....jf1...W|
000000f0  b9 bf 00 5d d7 4a dd c9  00 00 00 08 00 00 0f a0  |...].J..........|
00000100  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
00000120  00 00 00 00 00 00 00 00  00 00 02 00 00 00 0f a0  |................|
00000130  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
00000150  00 00 00 00 00 00 00 00  00 00 03 f8 00 00 0f a0  |................|
00000160  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
00000180  00 00 00 00 00 00 00 00  00 00 05 f0 00 00 0f a0  |................|
00000190  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  00 00 00 00 00 00 00 00  00 00 07 e8 00 00 0f a0  |................|
000001c0  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001e0  00 00 00 00 00 00 00 00  00 00 09 e0 00 00 0f a0  |................|
000001f0  00 00 de ad 00 00 00 00  00 00 00 00 00 00 00 00  |................|

Does this look like a effed crypt header (of which I, naturally, don't have  a backup - even though I can honestly say that, as far as I know, I did not do anything to the header … ) or is there any hope left (there is no second keyslot in use)

Thanks ever so much for any word of advice,
Zero
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20161103/15d7ef30/attachment.html>


More information about the dm-crypt mailing list