LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Mounting LUKS with the help of a cloned drive? (https://www.linuxquestions.org/questions/linux-newbie-8/mounting-luks-with-the-help-of-a-cloned-drive-781463/)

kaulalla 01-11-2010 08:28 AM
Mounting LUKS with the help of a cloned drive?
 
I have cloned my LUKS-encrypted system drive to a bigger one, using dd. The big drive was working fine, until a possible power-failure caused it not to be mountable anymore:

Code:
root@xxx:/home/xxx# cryptsetup luksOpen /dev/sdc1 cheer
Enter LUKS passphrase:
Enter LUKS passphrase:
Enter LUKS passphrase:
Command failed: No key available with this passphrase.
No matter what i do, always results in the same "No key..." output. (Followed a few tutorials already, loaded modules, etc etc).

The original disk (which I'm still using, and this was the source of cloning):

Code:
Disk /dev/sda: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0001b495

  Device Boot      Start        End      Blocks  Id  System
/dev/sda1  *          1      38882  312319633+  83  Linux
/dev/sda2          38883      38913      249007+  5  Extended
/dev/sda5          38883      38913      248976  83  Linux
The new (bigger drive):

Code:
Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0001b495

  Device Boot      Start        End      Blocks  Id  System
/dev/sdc1  *          1      38882  312319633+  83  Linux
/dev/sdc2          38883      38913      249007+  5  Extended
/dev/sdc3          38914      121601  664191360  83  Linux
/dev/sdc5          38883      38913      248976  83  Linux
Now here is what luksdump says about them:

Code:
LUKS header information for /dev/sda1

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      21 a1 d6 b1 71 a1 99 90 1e 01 74 cd 25 84 16 c6 72 88 bb a7
MK salt:        ed f5 a0 8a 94 33 8d 77 65 28 14 5b da 21 4d 00
                f5 53 4c bf 19 5d 1a d5 21 6e b6 06 48 a6 e1 16
MK iterations:  10
UUID:          1b8386bd-a97e-45a3-9a68-d97969adc6c2

Key Slot 0: ENABLED
        Iterations:            252023
        Salt:                  e6 ab 6a f1 d2 6f 70 b5 96 5b 7d 71 3c 01 d4 de
                                cf 90 af ff 6b d7 4c 1d fa 34 7b 1e 7a 77 e3 42
        Key material offset:    8
        AF stripes:            4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
The other drive:
Code:
LUKS header information for /dev/sdc1

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      21 a1 d6 b1 71 a1 99 90 1e 01 74 cd 25 84 16 c6 72 88 bb a7
MK salt:        ed f5 a0 8a 94 33 8d 77 65 28 14 5b da 21 4d 00
                f5 53 4c bf 19 5d 1a d5 21 6e b6 06 48 a6 e1 16
MK iterations:  10
UUID:          1b8386bd-a97e-45a3-9a68-d97969adc6c2

Key Slot 0: ENABLED
        Iterations:            252023
        Salt:                  e6 ab 6a f1 d2 6f 70 b5 96 5b 7d 71 3c 01 d4 de
                                cf 90 af ff 6b d7 4c 1d fa 34 7b 1e 7a 77 e3 42
        Key material offset:    8
        AF stripes:            4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Question: Is there any possible way of mounting sdc1 with the help of sda1? At the moment sdc1 is sitting in an external case and the rest of the disk (truecrypt volume) working just fine. I just need the bugger be mounted for half an hour to backup my stuff from it.

Elemecca 01-11-2010 10:30 PM
As far as I can tell the LUKS tools don't directly support it. However, it is possible to manually clone the header from the old volume to the new one. Assuming the problem is header corruption (that's what it sounds like), that should fix it.

A LUKS volume starts with a 592-byte volume header, then an arbitrary-sized key material section, then the bulk data section (payload volume). The payload offset field of the volume header tells us what sector the bulk data section starts at. According to the luksDump output in your post, the payload offset is 2056 sectors. Thus, we need to clone the first 2056 sectors (the offset is zero-based so sector 2056 is the 2057th sector).

The first dd command below will back up the new volume's header to '/root/luks-backup.bin', just in case. The second will clone the header from the old volume to the new. These need to be run as root, of course.
Code:
dd if=/dev/sdc1 of=/root/luks-backup.bin bs=512 count=2056
dd if=/dev/sda1 of=/dev/sdc1 bs=512 count=2056
Once you've cloned the header you should be able to mount the new volume as normal.


All times are GMT -5. The time now is 12:50 PM.