itinlopez 11-29-2008 12:30 AM

Recover encrypted LUKS partition
I have recently experienced a slight yet painful problem with my Debian installation and I would like a piece of advice before I go any further.

I have a Debian system with two partitions, one is the boot partition (/dev/sda1) and the other is an encrypted partition (/dev/sda2) with LVM and two VGs (root and home).

And here's the thing: yesterday, while booting with a USB pendrive running BT3, I meant to build a filesystem on the second partition of this pendrive, that is /dev/sdb2, when I inadvertently used /dev/sda2 instead. Meaning I ran a "mkfs.ext3 /dev/sda2". Worst typo ever!

In the end, when I now boot my Debian system and Cryptsetup asks for the passphrase, it won't take it anymore, issuing the error message "cryptsetup: unknown fstype, bad password or options?". Which I believe is normal since now /dev/sda2 appears as an ext3 partition in fdisk (don't know how it should appear though).

I believe the data is still there so I guess I "just" need to reconfigure the partition (the header maybe?) as they were, so it can accept the passphrase.

I have been messing with several tools (TestDisk, Gparted, fdisk, etc.) but none of them seem to be able to do this and I'd rather not mess with the disk any more in case I make things worse. I will buy a new disk next Monday and make a backup with dd to it, but I'd like to get more information before I go on.

Sorry for the speech and thanks for your help. Do not hesitate to ask if I have missed any important information that could help clarify the issue.

rjwilmsi 11-29-2008 03:45 AM

If you have completely reformatted your encrypted partition, unfortunately I think you have pretty much no chance of recovering any of the data on it. Attempting such a recovery would need the (expensive) assistance of a professional data recovery company, but even then I doubt they would be able to recover much of a fully formatted partition.

itinlopez 11-29-2008 12:43 PM

Thanks for the reply, rjwilmsi. I guess it didn't look good in the first place and you confirm my worst fears... I better assume it! :)

fotoguy 11-30-2008 03:20 AM

Yep, she's gone for good, sorry to say, but once you destroyed the encrypted block devices that the partitions are mounted under, these are the devices that actually do the encrypting/decrypting, then there is no way back. Then once you format, you can then corrupt the already encrypted data, basically dealing yourself a double blow.
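
Added example, not part of the thread: a read-only check of which on-disk signatures sit at the start of a partition image, the LUKS magic at offset 0 or the ext superblock that mkfs.ext3 writes at offset 1024. It assumes an image made with dd, as the original poster planned; the function names and the sample buffers are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"   # LUKS header magic, offset 0
EXT_SB = 1024                  # ext2/3/4 primary superblock offset
EXT_MAGIC = 0xEF53             # s_magic, superblock offset 56
HAS_JOURNAL = 0x0004           # s_feature_compat bit (offset 92): ext3/ext4

def inspect_start(buf: bytes) -> dict:
    """Report which on-disk signatures are present in the first 2 KiB."""
    found = {"luks_version": None, "ext": False, "journal": False}
    if len(buf) >= 8 and buf[:6] == LUKS_MAGIC:
        found["luks_version"] = struct.unpack_from(">H", buf, 6)[0]
    if len(buf) >= EXT_SB + 96:
        if struct.unpack_from("<H", buf, EXT_SB + 56)[0] == EXT_MAGIC:
            found["ext"] = True
            compat = struct.unpack_from("<I", buf, EXT_SB + 92)[0]
            found["journal"] = bool(compat & HAS_JOURNAL)
    return found

def describe(found: dict) -> str:
    if found["ext"] and found["luks_version"] is None:
        return "ext superblock present, LUKS magic gone"
    if found["ext"]:
        # Surviving magic says nothing about whether key slots survived.
        return "ext superblock present, LUKS magic still at offset 0"
    if found["luks_version"] is not None:
        return f"LUKS header (version {found['luks_version']}), no ext superblock"
    return "neither signature found"

def inspect_image(path: str) -> str:
    """Open a dd image (never the live disk) read-only and classify it."""
    with open(path, "rb") as f:
        return describe(inspect_start(f.read(2048)))

def sample_luks() -> bytes:      # constructed sample, not a real header
    return LUKS_MAGIC + struct.pack(">H", 1) + bytes(2040)

def sample_ext3() -> bytes:      # constructed sample: zeroed start + ext3 fields
    buf = bytearray(2048)
    struct.pack_into("<H", buf, EXT_SB + 56, EXT_MAGIC)
    struct.pack_into("<I", buf, EXT_SB + 92, HAS_JOURNAL)
    return bytes(buf)

if __name__ == "__main__":
    for name, data in (("luks", sample_luks()), ("ext3", sample_ext3())):
        print(name, "->", describe(inspect_start(data)))
```

Running `inspect_image` against a copy rather than /dev/sda2 itself keeps the damaged partition untouched while it is examined.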

