Can you read data of LUKS drive if header is damaged?
After disk reinstallation and guest's memory state save/restoring, it seems that the guest OS mistook the two and probably overwrote Disk1's header with Disk2's. It now appears in Gnome Disks as:
Also, the GUIDs of the two disks are the same. This is when I accessed the disk from the host, and I have rebooted the host. I tried mounting them in Gnome disks, and mounting Disk1 failed (quarks) and mounting Disk2 worked. I think it is strange that I can access the files of Disk2, when Gnome Disks says that its partition type is EXT4, because its actual partition type is Btrfs.
In this case, can I read the data of Disk1? Or should I give up? I have tried
cryptsetup luksOpen /dev/sdc1 rootvol
but it said that it is not a valid LUKS device.
Last edited by 2022; 05-24-2022 at 04:10 AM.
Reason: clarification
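Added example, not part of the original thread: when cryptsetup reports "not a valid LUKS device", a read-only look at the start of the partition shows whether the LUKS magic is still there, whether a LUKS2 secondary header survives, and whether a plain filesystem signature now sits in the header area. The function names and the sample image are constructed for illustration; the magic values and offsets are the standard LUKS, ext and btrfs on-disk signatures.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"          # primary header magic at offset 0
LUKS2_BACKUP_MAGIC = b"SKUL\xba\xbe"  # LUKS2 secondary header magic
# LUKS2 puts its secondary header at offset == header size (16 KiB .. 4 MiB)
LUKS2_BACKUP_OFFSETS = [0x4000 << i for i in range(9)]
EXT_MAGIC_OFFSET = 0x438       # ext2/3/4 superblock magic 0xEF53, little-endian
BTRFS_MAGIC_OFFSET = 0x10040   # btrfs superblock magic "_BHRfS_M"


def inspect_header(path):
    """Read-only check of what sits where a LUKS header should be."""
    with open(path, "rb") as f:
        data = f.read(0x400000 + 8)  # covers every offset checked below
    result = {"luks_version": None, "luks2_backup_offsets": [], "plain_fs": []}
    if data[:6] == LUKS_MAGIC and len(data) >= 8:
        # 16-bit big-endian version field follows the magic (1 or 2)
        result["luks_version"] = struct.unpack(">H", data[6:8])[0]
    for off in LUKS2_BACKUP_OFFSETS:
        if data[off:off + 6] == LUKS2_BACKUP_MAGIC:
            result["luks2_backup_offsets"].append(off)
    if data[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] == b"\x53\xef":
        result["plain_fs"].append("ext2/3/4")
    if data[BTRFS_MAGIC_OFFSET:BTRFS_MAGIC_OFFSET + 8] == b"_BHRfS_M":
        result["plain_fs"].append("btrfs")
    return result


def build_constructed_image(path):
    """Constructed sample: primary header overwritten by an ext superblock
    signature, LUKS2 secondary header at 16 KiB still present."""
    img = bytearray(0x8000)
    img[0x438:0x43A] = b"\x53\xef"
    img[0x4000:0x4008] = LUKS2_BACKUP_MAGIC + struct.pack(">H", 2)
    with open(path, "wb") as f:
        f.write(img)


if __name__ == "__main__":
    import os
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "constructed.img")
        build_constructed_image(p)
        print(inspect_header(p))
```

Run it against an image copy of the partition rather than the live device. A matching signature only shows what is present at those offsets; it does not prove the keyslot material behind it is intact.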
Well... I did some research whilst awaiting a reply, and found this answer in Ask Ubuntu:
"LUKS header: If the header of a LUKS volume gets damaged, all data is permanently lost unless you have a header-backup."
Basically, it means there is hope. What I think about this is that Linux needs to learn from Windows' mistake. In the early days of NTFS file encryption, I encrypted some files without knowing that I need the hidden encryption key, not the Windows user account password to decrypt them after reinstalling Windows. So, I lost my files. Back then, Windows did not notify users about backing up the encryption key. In recent versions of Windows, if the user tries using NTFS file encryption for the first time, Windows tells the user that he needs to back up the encryption key. Since Windows has a lot more users, probably Microsoft got a lot of feedback from users who lost data because they did not know they had to back up the key. If Linux's disk management GUI (like Gnome Disks) notified the users about backing up the header when they create LUKS (maybe with "do not show again"), it would have prevented a lot of miseries.
The other side of that proposition is that it's your data, so your responsibility. Note my sigline - especially when "sort-of" playing around with your partitions.
There are occasions other than the initial creation that require the header to be re-backedup - likely done from the command line; I'm not sure how all the various GUI interfaces would be expected to be made aware of that.
Nice thought though.
If Linux's disk management GUI (like Gnome Disks) notified the users about backing up the header when they create LUKS (maybe with "do not show again"), it would have prevented a lot of miseries.
I do remember seeing a warning when I was creating my LUKS encryption as it is in the man page for the program. They even talk about how it makes it a little harder to securely wipe data since you need to wipe all the header backups as well.
The fact you didn't read it, doesn't change much... As syg00 said "it's your data, so your responsibility." Especially since you were playing with partitions.
The other side of that proposition is that it's your data, so your responsibility.
I had created that partition using Gnome's Disk Utility, which has the encryption checkbox. Otherwise, I would not have known LUKS. Users are responsible for backing up things but my point is that novice users would not know the fact itself that they need to back up the header, and I think it is the software's responsibility to inform the user about that fact. I don't know how many GUIs there are, but as far as I know, Gnome is the most popular DE and it mostly comes with Gnome Disk Utility and most users would use that (not the command line). I don't think it would be that difficult to show some sort of dialogue box like below. Again, see what Windows is doing.
[Format Complete]
The disk has been formatted using LUKS. If the beginning of the disk (header) is damaged, the entire data will be inaccessible. Only a header backup can recover the data. Would you like to back up the disk header now?
I do remember seeing a warning when I was creating my LUKS encryption as it is in the man page for the program. They even talk about how it makes it a little harder to securely wipe data since you need to wipe all the header backups as well.
The fact you didn't read it, doesn't change much... As syg00 said "it's your data, so your responsibility." Especially since you were playing with partitions.
Maybe you created it using some sort of command-line utility. I used Gnome Disk Utility, as most non-expert users would, and the app had no mention about the header. All the GUI said was not to forget the password, which is useless when the header is damaged. How about not expecting most computer users to be computer enthusiasts like the programmers themselves who would spend most of their time in front of computers reading manuals and doing things in command line? What is so repulsive about the idea of making the GUI convey such critical information to novice users rather than expecting them to read the man page? It won't be that difficult to implement, so to me it just seems like some sort of weird puritanism.