[dm-crypt] Overwrote keyfile; Have master key; Recover data?

Arno Wagner arno at wagner.name
Fri Sep 14 05:18:51 CEST 2012

On Thu, Sep 13, 2012 at 07:21:17PM -0500, Zack Buhman wrote:
> Hello,
> So I was bumbling along and for some stupid reason I generated a new
> keyfile (thinking I was on another machine) and ended up overwriting my
> keyfile that I use on a volume that has 1.1TB data.
> I was reading
> https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery
> section 6.10, and at the time I had the thing unlocked. So I retrieved
> the master key as described in the FAQ, but then I guess I didn't read
> the instructions properly, and did luksFormat with the master key file.
> When I unlock that, the filesystem that's supposed to be inside doesn't
> exist.
> What I did: http://sprunge.us/UjBQ
> I also have http://sprunge.us/bWFc from my console buffer when I was just
> playing around. Is data recovery still possible?

>From a  quick look, I think you problem may be simple, namely
other defaults. Good job keeping the info, but you will
need to make a new container after recovery, as your
master key is now publicly known and your data not secure

As the FAQ states, you need to create the new LUKS container
with the same parameters as the old one. 

Lets see, you have:
0 7813523456 crypt aes-xts-plain bff82...76d4 0 9:127 4096
                   ^^^^^^^^^^^^^ ^^^^^^^^^^^^
                   cipher+mode   key
A test with a loop file on my system gives:
0 200704 crypt aes-cbc-essiv:sha256 9d....35 0 7:0 4096

Your old container does not use the defaults of the 
cryptsetup sources, but the ones used by some distribution
or parameters set by yourself. 

Make sure the new header is also aes-xts-plain, by
dumping the master key again. The key and cipher 
parameter need to be the same, otherwise decryption will 
not work.

The other thing is that I think you should try this 
without keyfile, exactly as described in the FAQ
section 6.10. Not sure whether it makes a difference
(I have never used keyfiles), but your master key is 
compromised anyways, a keyfile will not help.

Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 

More information about the dm-crypt mailing list