[dm-crypt] Missing keyslot or broken header or still some hope?

zero.tonin at web.de zero.tonin at web.de
Fri Nov 4 20:35:32 CET 2016


Hi all, and hi Arno,
first of all, sorry the html "emails" - I don't usually do this and usually use plain-text only myself. The last mails were, however, in this emergency situation, sent from my phone, where I cannot change this behavior, unfortunately...

After fighting a little bit with cryptsetup (i must have missed some information which packages are required to compile from source), I did get the keyslot checker to work.
Unfortunately, the output is obscure to me, so I home someone can help me interpret this.

I suspected a hw issue and thus, at least, ran the vendor's diagnostic tools, but no issue could be found, including memory and HDD - would it more likely be something related to the disk itself (bad sectors, broken read-heads et cetera?)

Great idea to test the drive on a different machine - would a dd copy suffice for that, as I am afraid I do not posses the skills to take my laptop apart. not as long as there might be hope to rescue stuff otherwise. I would do this as a last resort, if the hw is broken o a degree anyway, of course.

Thanks again for your time and efforts, everybody,
Mark

user at debian:~/.bin/cryptsetup/misc/keyslot_checker$ sudo ./chk_luks_keyslots -v /dev/sda5

parameters (commandline and LUKS header):
  sector size: 512
  threshold:   0.900000

- processing keyslot 0:  start: 0x001000   end: 0x03f800 
- processing keyslot 1:  keyslot not in use
- processing keyslot 2:  keyslot not in use
- processing keyslot 3:  keyslot not in use
- processing keyslot 4:  keyslot not in use
- processing keyslot 5:  keyslot not in use
- processing keyslot 6:  keyslot not in use
- processing keyslot 7:  keyslot not in use


> Gesendet: Freitag, 04. November 2016 um 11:32 Uhr
> Von: "Arno Wagner" <arno at wagner.name>
> An: dm-crypt at saout.de
> Betreff: Re: [dm-crypt] Missing keyslot or broken header or still some hope?
>
> Hi,
> 
> first, please do not post HTML-'emails' to this list.
> It cuts you off from most people here.
> 
> Second, from the 'acting up' I would deduce that you
> have some kind of severe hardware problem. It may be that
> this prevents the unlock. Can you try this disk in a 
> different computer?
> 
> There is also the keyslot-checker in misc/keyslot_checker/
> of the cryptsetup source distribution, that may tell
> you more.
> 
> Regards,
> Arno
> 
> 
> On Thu, Nov 03, 2016 at 21:58:30 CET, Zero Tonin wrote:
> >    Hi Michael,
> > 
> >    thank you very much for your response, I appreciate your time and
> >    willingnes to help a stranger!
> > 
> > 
> >     Below I will paste the output of --debug a well as, in case it
> >    provides usefull information, the output of sfdisk -l for the
> >    partitions on the drive.
> > 
> > 
> >     Again, thank you ever so much, please do let me know if there is any
> >    further detail or informaion I could provide to hopefulyl be bale  to
> >    recover this.
> > 
> > 
> >     Kind rgeards,
> > 
> >     Mark
> > 
> >    (I was unaware this mailing list is a "clear name" environemt, sorry
> >    for the anonymity in my first mail)
> > 
> > 
> > 
> > 
> >    user at debian:~$ sudo /sbin/sfdisk -l
> > 
> >    Disk /dev/sda: 77825 cylinders, 255 heads, 63 sectors/track
> > 
> >    sfdisk: Warning: extended partition does not start at a cylinder
> >    boundary.
> > 
> >    DOS and Linux will interpret the contents differently.
> > 
> >    Units: cylinders of 8225280 bytes, blocks of 1024 bytes, counting from
> >    0
> > 
> >       Device Boot Start     End   #cyls    #blocks   Id  System
> > 
> >    /dev/sda1   *      0+     31-     31-    248832   83  Linux
> > 
> >    /dev/sda2         31+  77825-  77795- 624880641    5  Extended
> > 
> >    /dev/sda3          0       -       0          0    0  Empty
> > 
> >    /dev/sda4          0       -       0          0    0  Empty
> > 
> >    /dev/sda5         31+  77825-  77795- 624880640   83  Linux
> > 
> >    user at debian:~$ sudo cryptsetup --debug luksOpen /dev/sda5 crypt1
> > 
> >    # cryptsetup 1.6.6 processing "cryptsetup --debug luksOpen /dev/sda5
> >    crypt1"
> > 
> >    # Running command open.
> > 
> >    # Locking memory.
> > 
> >    # Installing SIGINT/SIGTERM handler.
> > 
> >    # Unblocking interruption on signal.
> > 
> >    # Allocating crypt device /dev/sda5 context.
> > 
> >    # Trying to open and read device /dev/sda5.
> > 
> >    # Initialising device-mapper backend library.
> > 
> >    # Trying to load LUKS1 crypt type from device /dev/sda5.
> > 
> >    # Crypto backend (gcrypt 1.6.3) initialized.
> > 
> >    # Detected kernel Linux 3.16.0-4-amd64 x86_64.
> > 
> >    # Reading LUKS header of size 1024 from device /dev/sda5
> > 
> >    # Key length 64, device size 1249761280 sectors, header size 4036
> >    sectors.
> > 
> >    # Timeout set to 0 miliseconds.
> > 
> >    # Password retry count set to 3.
> > 
> >    # Password verification disabled.
> > 
> >    # Iteration time set to 1000 miliseconds.
> > 
> >    # Activating volume crypt1 [keyslot -1] using [none] passphrase.
> > 
> >    # dm version   OF   [16384] (*1)
> > 
> >    # dm versions   OF   [16384] (*1)
> > 
> >    # Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0.
> > 
> >    # Device-mapper backend running with UDEV support enabled.
> > 
> >    # dm status crypt1  OF   [16384] (*1)
> > 
> >    # Interactive passphrase entry requested.
> > 
> >    Enter passphrase for /dev/sda5:
> > 
> >    # Trying to open key slot 0 [ACTIVE_LAST].
> > 
> >    # Reading key slot 0 area.
> > 
> >    # Using userspace crypto wrapper to access keyslot area.
> > 
> >    # Trying to open key slot 1 [INACTIVE].
> > 
> >    # Trying to open key slot 2 [INACTIVE].
> > 
> >    # Trying to open key slot 3 [INACTIVE].
> > 
> >    # Trying to open key slot 4 [INACTIVE].
> > 
> >    # Trying to open key slot 5 [INACTIVE].
> > 
> >    # Trying to open key slot 6 [INACTIVE].
> > 
> >    # Trying to open key slot 7 [INACTIVE].
> > 
> >    No key available with this passphrase.
> > 
> >    On 3 Nov 2016, at 19:04, Michael Kjörling <[1]michael at kjorling.se>
> >    wrote:
> > 
> >    On 3 Nov 2016 18:30 +0000, from [2]zero.tonin at web.de (Zero Tonin):
> > 
> >      user at debian:~$ sudo cryptsetup luksOpen /dev/sda5 crypt1
> > 
> >      Enter passphrase for /dev/sda5:
> > 
> >      No key available with this passphrase.
> > 
> >    Could you try running this again, but add the `--debug` option to
> >    cryptsetup, then post the resulting log?
> >    Make sure to sanitize the passphrase itself from the log if it's there
> >    (I don't know), but leave everything else intact.
> >    --
> >    Michael Kjörling • [3]https://michael.kjorling.se> >    [4]michael at kjorling.se
> >                    “People who think they know everything really annoy
> >                    those of us who know we don’t.” (Bjarne Stroustrup)
> >    _______________________________________________
> >    dm-crypt mailing list
> >    [5]dm-crypt at saout.de
> >    [6]http://www.saout.de/mailman/listinfo/dm-crypt
> > 
> > References
> > 
> >    1. mailto:michael at kjorling.se
> >    2. mailto:zero.tonin at web.de
> >    3. https://michael.kjorling.se/
> >    4. mailto:michael at kjorling.se
> >    5. mailto:dm-crypt at saout.de
> >    6. http://www.saout.de/mailman/listinfo/dm-crypt
> 
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> 
> 
> -- 
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -- Plato
> 
> If it's in the news, don't worry about it.  The very definition of 
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>


More information about the dm-crypt mailing list