[dm-crypt] how an attempt to obstruct the proverbial "evil maid" resulted in "LUKS keyslot 5 is invalid" message.
arno at wagner.name
Fri Nov 21 11:03:36 CET 2014
Excellent. You are welcome.
Now, be aware that something is wrong in your set-up, so keep
a header backup around. If this happens again, it may be a good
idea to look at this more closely. The header backup will
also help with that, as it allows comparison of "good" and
On Fri, Nov 21, 2014 at 09:08:43 CET, Jan Rhebergen wrote:
> Tried the repair function of the newest cryptsetup from Fedora Live.
> Worked like a charm!
> LUKS header repaired and recovered!
> On 11/17/2014 10:34 PM, Jan Rhebergen wrote:
> >In my (feeble) effort to construct an obstacle for the proverbial
> >"evil maid" I messed up my system causing a
> >LUKS keyslot 5 is invalid
> >My system is a recent Ubuntu installation with full disk encryption
> >(except for the boot partition of course). In my attempt to thwart
> >potential "evil maids" I decided to move the boot filesystem and
> >bootloader to a USB thumbdrive.
> >After I deleted the boot partition from the laptop hard-drive
> >partition table and after trying the USB thumbdrive (which worked) I
> >decided to reverse it again (can't remember why anymore).
> >To recover the correct place and size I decided to use testdisk (you'll
> >find out why later). This duly detected the original boot partition
> >boundaries. However it did not correctly detect the LUKS partition
> >(which I did not notice at the time). It detected a partition of 2MB
> >instead. So I (regretfully) accepted the found partitions and ended up
> >with a correct boot partition but with a much too small LUKS
> >device/partition which was not number /dev/sda5 but
> >/dev/sda2. Needless to say opening it upon boot did not work.
> >Disk /dev/sda: 256 GB, 256052966400 bytes
> >255 heads, 63 sectors/track, 31130 cylinders
> >Units = cylinders of 16065 * 512 = 8225280 bytes
> > Device Boot Start End Blocks Id System
> >/dev/sda1 * 1 32 257008 83 Linux
> >Warning: Partition 1 does not end on cylinder boundary.
> >/dev/sda2 32 32 0 83 Linux
> >Warning: Partition 2 does not end on cylinder boundary.
> >Command (m for help):
> >I had backed up the first 512 bytes of the drive and the text output
> >of fdisk. Only trouble was that I had backed it up on the partition
> >that I was trying to reach! (kicking myself here). To my defence I
> >have to say I was tired and it was already late evening. This was the
> >(lazy) reason for using testdisk.
> >At this stage I did what is explicitly stated in the FAQ not to
> >do,.. I panicked!
> >I used cfdisk to resize the too small LUKS partition to fill the rest
> >of the disk (as it should). This worked fine and I was able to open
> >the LUKS device (yeah!) Although I could activate the volume group and
> >see/detect the logical volumes on it (lvscan/lvdisplay) I could not
> >mount them (don't remember the error).
> >At this stage I should have used dd to make a complete image of the
> >partition hard drive. Plus I should have made a backup of the LUKS
> >header (probably would have worked). I just didn't think straight I
> >guess from sheer panic.
> >Not being able to mount the logical volumes on the LUKS partition I
> >figured it must have something to do with the fact that the LUKS
> >partition was on /dev/sda2 instead of /dev/sda5. So I thought I'd be
> >smart and did the following. I created a small temporary (buffer)
> >partition replacing the empty unallocated space between the boot
> >partition and the LUKS partition. I subsequently deleted the LUKS
> >partition, created an extended partition and a new logical partition
> >spanning the whole drive. Finally deleting the small buffer
> >partition. So I ended up with what I thought should be the original
> >partition table. Tried booting and opening it,... alas to no avail. I
> >suspect that creating this small buffer partition in the 1.05MB
> >'empty' space caused the trouble and in fact wrote over a few bytes of
> >the LUKS partition.
> >So finally I started to do the smart thing although probably too late
> >and copy the entire drive image over to another drive.
> >I was able to locate the start of the LUKS partition:
> >root@goofy:~# hexdump -C /dev/sda | grep LUKS
> >08073590 73 73 20 64 65 6e 69 65 64 00 4c 55 4b 53 ba be |ss
> >08844d90 73 73 20 64 65 6e 69 65 64 00 4c 55 4b 53 ba be |ss
> >08e3c190 73 73 20 64 65 6e 69 65 64 00 4c 55 4b 53 ba be |ss
> >0f500000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00
> >I mounted the image file (not /dev/sda) at the appropriate offset and
> >tried to open it.
> >losetup -o 0xf500000 -r -f sda.img
> >cryptsetup luksOpen /dev/loop0 mycrypt
> >LUKS keyslot 5 is invalid
> >Now it so happens I don't use this slot but only the default one. So
> >is there any hope for recovery? If so how do I go about it (now that I
> >have calmed down).
> >Any help and advice naturally much appreciated.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
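The header search and the keyslot complaint discussed in this thread, as an added example that is not part of the original messages and is not cryptsetup's code. It follows the LUKS1 on-disk header layout, works read-only on an image copy, and applies simplified plausibility checks to each keyslot; the sample image, its offsets and the damaged slot are constructed for illustration.

```python
import struct

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 on-disk header (big-endian): 208 fixed bytes, then 8 keyslots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # state, iterations, salt, key-material offset, stripes
KEY_ENABLED, KEY_DISABLED = 0x00AC71F3, 0x0000DEAD

def find_headers(image):
    """Sector-aligned offsets holding the LUKS magic plus version 1.
    Unaligned hits (e.g. the magic embedded in a binary's strings) are skipped."""
    last = len(image) - (PHDR.size + 8 * SLOT.size)
    return [o for o in range(0, last + 1, SECTOR)
            if image[o:o + 8] == LUKS_MAGIC + b"\x00\x01"]

def check_keyslots(image, off):
    """Return {slot: reason} for keyslots that fail basic plausibility checks."""
    hdr = PHDR.unpack_from(image, off)
    payload_off, key_bytes = hdr[5], hdr[6]      # offsets are counted in sectors
    bad = {}
    for i in range(8):
        state, _, _, km_off, stripes = SLOT.unpack_from(
            image, off + PHDR.size + i * SLOT.size)
        af_sectors = -(-key_bytes * stripes // SECTOR)   # ceil division
        if state not in (KEY_ENABLED, KEY_DISABLED):
            bad[i] = "state 0x%08x" % state
        elif stripes == 0:
            bad[i] = "zero stripes"
        elif km_off * SECTOR < PHDR.size + 8 * SLOT.size:
            bad[i] = "key material overlaps header"
        elif km_off + af_sectors > payload_off:
            bad[i] = "key material overlaps payload"
    return bad

def build_sample():
    """Constructed image: decoy magic mid-sector, real header at 0x800, slot 5 wiped."""
    img = bytearray(8 * SECTOR)
    img[0x19a:0x1a0] = LUKS_MAGIC                # unaligned decoy hit
    base = 0x800
    PHDR.pack_into(img, base, LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1",
                   4096, 64, b"", b"", 1000, b"")
    for i in range(8):
        SLOT.pack_into(img, base + PHDR.size + i * SLOT.size,
                       KEY_ENABLED if i == 0 else KEY_DISABLED, 0, b"", 8 + i * 512, 4000)
    s5 = base + PHDR.size + 5 * SLOT.size
    img[s5:s5 + SLOT.size] = bytes(SLOT.size)    # simulate overwritten bytes
    return bytes(img)
```

On the constructed image, a plain byte search hits the decoy first, while `find_headers` reports only the aligned header and `check_keyslots` flags slot 5 even though it is not an active slot.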