[dm-crypt] volume unrecognized

[dm-crypt] volume unrecognized

[Jacques-Olivier KAPPS]

Hi everyone,

I have a single encrypted partition which contains my data, /home. I just
installed a new system (ubuntu karmic/alternate cd) over my other clear
system partitions, and I tried to use the setup program to point my /home
directory to my existing and crypted /home partition. Though, it
eventually wanted to format it and I canceled the whole operation.

Now I can map the device with luksOpen, but the volume itself is
unrecognized.

I certainly can open the device with luksOpen because I choosed the same
password in the installation process, but my guess is that the ubuntu
installer erased and replaced the luks headers of my partition by new
ones, what do you think? Or maybe is just erased the table partition
headers and it can't recognized the filesystem?

I don't really know what to do now, I fear to make things worse.

Do you have any advice?

Thanks for your help,

J.O.

Re: [dm-crypt] volume unrecognized

[Jonas Meurer]

[-- Attachment #1: Type: text/plain, Size: 1742 bytes --]

hey,

On 27/08/2009 Jacques-Olivier KAPPS wrote:
> I have a single encrypted partition which contains my data, /home. I just
> installed a new system (ubuntu karmic/alternate cd) over my other clear
> system partitions, and I tried to use the setup program to point my /home
> directory to my existing and crypted /home partition. Though, it
> eventually wanted to format it and I canceled the whole operation.
> 
> Now I can map the device with luksOpen, but the volume itself is
> unrecognized.
> 
> I certainly can open the device with luksOpen because I choosed the same
> password in the installation process, but my guess is that the ubuntu
> installer erased and replaced the luks headers of my partition by new
> ones, what do you think? Or maybe is just erased the table partition
> headers and it can't recognized the filesystem?

according to your description, you entered a new luks passphrase for the
encrypted device at ubuntu installation, right? to my knowledge ubuntu
installation doesn't support management of existing encrypted devices
yet. for that reason i fear that you reformatted the device (luksFormat)
during installation process. i hope that you do have backups in that
case as your data will be lost.

even using the same passphrase doesn't help. the passphrase is only used
to decrypt the luks masterkey, and that masterkey is generated from
random data at luksFormat.

please keep in mind that encrypted storage devices don't have backdoors
implemented. if the masterkey is destroyed/overwritten, the data is
irrevocably lost by design.

you really should do regular backups of sensitive data, and even more so
if the data is stored on encrypted devices!

greetings,
 jonas

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: [dm-crypt] volume unrecognized

[Heinz Diehl]

On 27.08.2009, Jacques-Olivier KAPPS wrote: 

> Now I can map the device with luksOpen, but the volume itself is
> unrecognized.

Maybe the underlying filesystem got corrupted.

> I certainly can open the device with luksOpen because I choosed the same
> password in the installation process, but my guess is that the ubuntu
> installer erased and replaced the luks headers of my partition by new
> ones, what do you think?

That would explain the whole situation. When the partition gets prepared
via LUKS/dmcrypt, the filesystem is gone, and you'll have to format again.

> Do you have any advice?

Recreate the partition by using the latest backup. You have one, right?

Re: [dm-crypt] volume unrecognized

[Jacques-Olivier KAPPS]

<quote who="Jonas Meurer">
> hey,
>
> On 27/08/2009 Jacques-Olivier KAPPS wrote:
>> I have a single encrypted partition which contains my data, /home. I
>> just
>> installed a new system (ubuntu karmic/alternate cd) over my other clear
>> system partitions, and I tried to use the setup program to point my
>> /home
>> directory to my existing and crypted /home partition. Though, it
>> eventually wanted to format it and I canceled the whole operation.
>>
>> Now I can map the device with luksOpen, but the volume itself is
>> unrecognized.
>>
>> I certainly can open the device with luksOpen because I choosed the same
>> password in the installation process, but my guess is that the ubuntu
>> installer erased and replaced the luks headers of my partition by new
>> ones, what do you think? Or maybe is just erased the table partition
>> headers and it can't recognized the filesystem?
>
> according to your description, you entered a new luks passphrase for the
> encrypted device at ubuntu installation, right? to my knowledge ubuntu
> installation doesn't support management of existing encrypted devices
> yet. for that reason i fear that you reformatted the device (luksFormat)
> during installation process. i hope that you do have backups in that
> case as your data will be lost.
>
> even using the same passphrase doesn't help. the passphrase is only used
> to decrypt the luks masterkey, and that masterkey is generated from
> random data at luksFormat.
>
> please keep in mind that encrypted storage devices don't have backdoors
> implemented. if the masterkey is destroyed/overwritten, the data is
> irrevocably lost by design.
>
> you really should do regular backups of sensitive data, and even more so
> if the data is stored on encrypted devices!
>
> greetings,
>  jonas
>

Thanks for the explanation,

My bad! I assumed that the ubuntu installer would open the existing
encrypted device, and I didn't think anything was permanently done before
the final "Are you sure you want format those partitions?".

Luckily I have some backups, but not really up to date. I am going to miss
my summer photo shots!

regards,

J.O.

Re: [dm-crypt] volume unrecognized

[Jacques-Olivier KAPPS]

<quote who="Heinz Diehl">
> On 27.08.2009, Jacques-Olivier KAPPS wrote:
>
>> Now I can map the device with luksOpen, but the volume itself is
>> unrecognized.
>
> Maybe the underlying filesystem got corrupted.
>
>> I certainly can open the device with luksOpen because I choosed the same
>> password in the installation process, but my guess is that the ubuntu
>> installer erased and replaced the luks headers of my partition by new
>> ones, what do you think?
>
> That would explain the whole situation. When the partition gets prepared
> via LUKS/dmcrypt, the filesystem is gone, and you'll have to format again.
>
>> Do you have any advice?
>
> Recreate the partition by using the latest backup. You have one, right?
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

I do have partial backups, it's better than nothing!

Okay my partition is just garbage now. So I am asking myself, is that
possible to backup those critical headers/master key of my new formated
partition?

Regards,

J.O.

Re: [dm-crypt] volume unrecognized

[Moji]

Yes using dd and cryptsetup. The wiki has an explanation of why you
might not want to do that, in addition to outlining the steps. But if
you want to here are the steps.

cryptsetup luksDump $DEVICE

Find the payload number

dd if=$DEVICE of=luks_header_bakup count=$PAYLOAD

To restore them just reverse if and of in dd

dd if=$luks_header_backup of=$DEVICE count=$PAYLOAD

-MJ

Jacques-Olivier KAPPS wrote:
> <quote who="Heinz Diehl">
>> On 27.08.2009, Jacques-Olivier KAPPS wrote:
>>
>>> Now I can map the device with luksOpen, but the volume itself is
>>> unrecognized.
>> Maybe the underlying filesystem got corrupted.
>>
>>> I certainly can open the device with luksOpen because I choosed the same
>>> password in the installation process, but my guess is that the ubuntu
>>> installer erased and replaced the luks headers of my partition by new
>>> ones, what do you think?
>> That would explain the whole situation. When the partition gets prepared
>> via LUKS/dmcrypt, the filesystem is gone, and you'll have to format again.
>>
>>> Do you have any advice?
>> Recreate the partition by using the latest backup. You have one, right?
>>
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>>
> 
> I do have partial backups, it's better than nothing!
> 
> Okay my partition is just garbage now. So I am asking myself, is that
> possible to backup those critical headers/master key of my new formated
> partition?
> 
> Regards,
> 
> J.O.
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

Re: [dm-crypt] volume unrecognized

[Moji]

J.O.,

If all Ubuntu was did was rewrite the luks header information and you
have backups of the luks header, you can restore it.

As long as it was the original key.

-MJ

Jacques-Olivier KAPPS wrote:
> <quote who="Jonas Meurer">
>> hey,
>>
>> On 27/08/2009 Jacques-Olivier KAPPS wrote:
>>> I have a single encrypted partition which contains my data, /home. I
>>> just
>>> installed a new system (ubuntu karmic/alternate cd) over my other clear
>>> system partitions, and I tried to use the setup program to point my
>>> /home
>>> directory to my existing and crypted /home partition. Though, it
>>> eventually wanted to format it and I canceled the whole operation.
>>>
>>> Now I can map the device with luksOpen, but the volume itself is
>>> unrecognized.
>>>
>>> I certainly can open the device with luksOpen because I choosed the same
>>> password in the installation process, but my guess is that the ubuntu
>>> installer erased and replaced the luks headers of my partition by new
>>> ones, what do you think? Or maybe is just erased the table partition
>>> headers and it can't recognized the filesystem?
>> according to your description, you entered a new luks passphrase for the
>> encrypted device at ubuntu installation, right? to my knowledge ubuntu
>> installation doesn't support management of existing encrypted devices
>> yet. for that reason i fear that you reformatted the device (luksFormat)
>> during installation process. i hope that you do have backups in that
>> case as your data will be lost.
>>
>> even using the same passphrase doesn't help. the passphrase is only used
>> to decrypt the luks masterkey, and that masterkey is generated from
>> random data at luksFormat.
>>
>> please keep in mind that encrypted storage devices don't have backdoors
>> implemented. if the masterkey is destroyed/overwritten, the data is
>> irrevocably lost by design.
>>
>> you really should do regular backups of sensitive data, and even more so
>> if the data is stored on encrypted devices!
>>
>> greetings,
>>  jonas
>>
> 
> Thanks for the explanation,
> 
> My bad! I assumed that the ubuntu installer would open the existing
> encrypted device, and I didn't think anything was permanently done before
> the final "Are you sure you want format those partitions?".
> 
> Luckily I have some backups, but not really up to date. I am going to miss
> my summer photo shots!
> 
> regards,
> 
> J.O.
> 
> 
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

Re: [dm-crypt] volume unrecognized

[Jonas Meurer]

[-- Attachment #1: Type: text/plain, Size: 594 bytes --]

hey,

On 27/08/2009 Moji wrote:
> Yes using dd and cryptsetup. The wiki has an explanation of why you
> might not want to do that, in addition to outlining the steps. But if
> you want to here are the steps.
> 
> cryptsetup luksDump $DEVICE
> 
> Find the payload number
> 
> dd if=$DEVICE of=luks_header_bakup count=$PAYLOAD
> 
> To restore them just reverse if and of in dd
> 
> dd if=$luks_header_backup of=$DEVICE count=$PAYLOAD

you should add bs=1 to the dd commandline. default is 512, which would
result in $PAYLOAD*512 bytes being read/written.

greetings,
 jonas

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: [dm-crypt] volume unrecognized

[Milan Broz]

Jonas Meurer wrote:
>> cryptsetup luksDump $DEVICE
>>
>> Find the payload number
>>
>> dd if=$DEVICE of=luks_header_bakup count=$PAYLOAD
>>
>> To restore them just reverse if and of in dd
>>
>> dd if=$luks_header_backup of=$DEVICE count=$PAYLOAD
> 
> you should add bs=1 to the dd commandline. default is 512, which would
> result in $PAYLOAD*512 bytes being read/written.

Nope, payload offset in dump  _is_ in 512 byte sector units.
bs=512 is correct.

(You will save all (even unused) keyslots here, but this is not problem)

Milan

Re: [dm-crypt] volume unrecognized

[Jonas Meurer]

On 27/08/2009 Milan Broz wrote:
> Jonas Meurer wrote:
> >> cryptsetup luksDump $DEVICE
> >>
> >> Find the payload number
> >>
> >> dd if=$DEVICE of=luks_header_bakup count=$PAYLOAD
> >>
> >> To restore them just reverse if and of in dd
> >>
> >> dd if=$luks_header_backup of=$DEVICE count=$PAYLOAD
> > 
> > you should add bs=1 to the dd commandline. default is 512, which would
> > result in $PAYLOAD*512 bytes being read/written.
> 
> Nope, payload offset in dump  _is_ in 512 byte sector units.
> bs=512 is correct.
> 
> (You will save all (even unused) keyslots here, but this is not problem)

oups, i should have read the docs before spreading bullshit. sorry for
that.

greetings,
 jonas