LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Ubuntu (http://www.linuxquestions.org/questions/ubuntu-63/)
-   -   I may have lost my encrypted partition (http://www.linuxquestions.org/questions/ubuntu-63/i-may-have-lost-my-encrypted-partition-695183/)

Syl 01-05-2009 06:08 PM

I may have lost my encrypted partition
 
Hi, I have a serious problem, and I hope you can help me out.

I had my /home partition encrypted: /dev/sda3 was an encrypted LVM volume (dm-crypt, LUKS) containing an ext3 filesystem that I used to mount under /home

I reinstalled my Ubuntu using the text-mode installer... I did a clean reinstall: I formated /dev/sda2 (the root partition, unencrypted) and I set /dev/sda3 to be used as a physical volume for encryption. I didn't "touch" the contents of the /dev/sda3 volume.

I assumed the installer would ask for the password for /dev/sda3 and then would allow me to mount without formatting the resulting /dev/mapper/sda3_crypt ext3 partition.

It did not. The installer asked me for new passwords for /dev/sda3... I put the same password I had before, but now... the data inside the volume is no longer an ext3 partition...

I don't know why...

Code:

# cryptsetup luksOpen /dev/sda3 sda3_crypt
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

# mount /dev/mapper/sda3_crypt /home/
mount: you must specify the filesystem type

# mount /dev/mapper/sda3_crypt /home/ -t ext3
mount: wrong fs type, bad option, bad superblock on /dev/mapper/sda3_crypt,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail  or so

# file -s /dev/mapper/sda3_crypt
/dev/mapper/sda3_crypt: data

What happened with my data? Can I recover it? What command did the Ubuntu/Debian installer issue when I chose "use /dev/sda3 as a physical volume for encryption" ?

Thanks and I wish you a happy new year!

eco 01-07-2009 03:09 AM

Hi,

This is just a guess but might it have encrypted your encrypted partition? If so, I guess you'll have to do something like (of the top of my head):

boot your system and enter your (first) LUKS passphrase

# dd if=/dev/mapper/sda3 of=/someOtherPlace/enc.iso

and hopefully...

# cryptsetup luksOpen /someOtherPlace/enc.iso

# mount -o loop -t ext3 /dev/mapper/enc.iso /mnt

purely theoretical, please check before you make things worst.

... or I'm completely wrong and you can restore all your data from your backup... right?

Syl 01-07-2009 04:22 AM

Well... that was my first assumption. So I did this:
Code:

# cryptsetup luksOpen /dev/sda3 sda3_crypt
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

# cryptsetup luksOpen /dev/mapper/sda3_crypt sda3_crypt2
Enter LUKS passphrase:
Command failed: No key available with this passphrase.

# cryptsetup luksDump /dev/sda3
LUKS header information for /dev/sda3

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      8f 64 f3 ca 18 79 8c bb 07 0e 09 0c c8 e6 41 61 e6 90 ef 99
MK salt:        6f 1e 4a d5 db df 94 5a 9f dc 75 6d a7 83 48 62
                a4 fc 3f ec 83 ce 40 ec a7 e8 74 a1 ec 43 58 42
MK iterations:  10
UUID:          c6580ab2-1cf5-41c1-8b09-725cdb056fa4

Key Slot 0: ENABLED
        Iterations:            393507
        Salt:                  61 3b 84 b9 48 5d 45 1e ce 21 50 3a 2b e5 c3 88
                                d5 e6 08 ad ab 0f 9f c0 f1 98 11 99 e5 92 33 b9
        Key material offset:    8
        AF stripes:            4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
# cryptsetup luksDump /dev/mapper/sda3_crypt
Command failed: /dev/mapper/sda3_crypt is not a LUKS partition

On another forum a guy told me that by selecting use this partition as a physical volume for encryption and then write changes to disk, the debian/ubuntu installer executed this command (which destroyed the encrypted data):
Code:

cryptsetup --verbose --verify-passphrase luksFormat /dev/sda3
Indeed I had a backup from mid-October... Unfortunately I was very busy and I didn't have time to create a more recent backup. But... anyway... I'm better than not having any backup at all!

Thanks!

If anyone has any other idea, please write it here...

Flimm 04-10-2010 04:26 PM

I had a similar problem. Using fsck to check the disk for errors fixed it for me.


All times are GMT -5. The time now is 09:51 AM.