[dm-crypt] Overwrote keyfile; Have master key; Recover data?
arno at wagner.name
Fri Sep 14 05:18:51 CEST 2012
On Thu, Sep 13, 2012 at 07:21:17PM -0500, Zack Buhman wrote:
> So I was bumbling along and for some stupid reason I generated a new
> keyfile (thinking I was on another machine) and ended up overwriting my
> keyfile that I use on a volume that has 1.1TB data.
> I was reading
> section 6.10, and at the time I had the thing unlocked. So I retrieved
> the master key as described in the FAQ, but then I guess I didn't read
> the instructions properly, and did luksFormat with the master key file.
> When I unlock that, the filesystem that's supposed to be inside doesn't
> What I did: http://sprunge.us/UjBQ
> I also have http://sprunge.us/bWFc from my console buffer when I was just
> playing around. Is data recovery still possible?
>From a quick look, I think you problem may be simple, namely
other defaults. Good job keeping the info, but you will
need to make a new container after recovery, as your
master key is now publicly known and your data not secure
As the FAQ states, you need to create the new LUKS container
with the same parameters as the old one.
Lets see, you have:
0 7813523456 crypt aes-xts-plain bff82...76d4 0 9:127 4096
A test with a loop file on my system gives:
0 200704 crypt aes-cbc-essiv:sha256 9d....35 0 7:0 4096
Your old container does not use the defaults of the
cryptsetup sources, but the ones used by some distribution
or parameters set by yourself.
Make sure the new header is also aes-xts-plain, by
dumping the master key again. The key and cipher
parameter need to be the same, otherwise decryption will
The other thing is that I think you should try this
without keyfile, exactly as described in the FAQ
section 6.10. Not sure whether it makes a difference
(I have never used keyfiles), but your master key is
compromised anyways, a keyfile will not help.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
More information about the dm-crypt