From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glkdd-dm-crypt@m.gmane.org>
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed,  3 Sep 2014 16:56:55 +0200 (CEST)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <glkdd-dm-crypt@m.gmane.org>) id 1XPBzS-0001nF-EG
 for dm-crypt@saout.de; Wed, 03 Sep 2014 16:56:54 +0200
Received: from c-24-14-20-249.hsd1.il.comcast.net ([24.14.20.249])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Wed, 03 Sep 2014 16:56:54 +0200
Received: from rnicholsNOSPAM by c-24-14-20-249.hsd1.il.comcast.net with local
 (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Wed, 03 Sep 2014 16:56:54 +0200
From: Robert Nichols <rnicholsNOSPAM@comcast.net>
Date: Wed, 03 Sep 2014 09:56:40 -0500
Message-ID: <lu7a79$6e8$1@ger.gmane.org>
References: <BLU184-W956C554A2837B7CB6A0EDDE8C40@phx.gbl>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format="flowed"
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <BLU184-W956C554A2837B7CB6A0EDDE8C40@phx.gbl>
Subject: Re: [dm-crypt] Broken LUKS header
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 09/03/2014 04:03 AM, Andreas A=DFmann wrote:
> A few days ago, I tried to add a key file to all three volumes using 'cry=
ptsetup
> luksAddKey'. The command succeeded for sda2 and sda3. Adding the key file=
 to
> sdb1, however, failed with 'Invalid Key Slot 6, Invalid Key Slot 7'. It s=
eems
> the LUKS header of sdb1 was corrupted in the process. Probing the header =
using
> 'cryptsetup luksDump' fails with the same error message.
>
> Fortunately, sdb1 was unlocked and mounted when this happened - I was sti=
ll able
> to access data on this volume and from what I've seen, everything is still
> intact, so I created a complete backup right away using rsync. However, I=
 would
> feel much better if I could repair the header to verify that the backup I=
 made
> actually contains all data from sdb1.
>
> I also created a 1:1 backup of sdb1 using dd. On this backup, I tried
> 'keyslot_checker' and 'cryptsetup repair'. The first didn't work at all, =
the
> latter reported invalid offsets for key slots 6 and 7 and fixed them. How=
ever, I
> was unable to open the volume using my normal passphrase afterwards, so t=
hat
> didn't work out as expected.

Do you still have sdb1 unlocked? If so, you can recover the master key and
also make a backup image of the decrypted volume. Instructions for recoveri=
ng
the master key are in section 6.10 of the Cryptsetup FAQ at
  <http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions>

To save an image of the decrypted volume just use dd to copy the
/dev/mapper/xxx device to a file somewhere.

--=20
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.