On 01/15/2016 11:52 AM, Roberto Ragusa wrote:
On 01/15/2016 04:58 PM, Robert Nichols wrote:
3. Copy the decrypted data directly back to the partition at the
correct offset (4096 sectors assumed here):
dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1
4. Adjust the partition table to add 4096 sectors to the starting
LBA for sda1 without moving the ending LBA.
You are decrypting in place and then moving forward the beginning
of the partition to skip over the missing luks header (which
you then clean in step 5).
OOPS!! There is a nasty mistake on my part there. Zeroing out the
first two megabytes _after_ adjusting the partition table would wipe
out the first two megabytes of the filesystem. Steps 4 and 5 have
to be reversed:
1. Determine the size of the LUKS header. (I'll use /dev/sda1 as the
encrypted partition -- yours may differ.)
cryptsetup luksDump /dev/sda1 | grep "Payload offset"
That offset is the number of 512-byte sectors, probably 4096. If
different, replace "4096" with the correct number in everything
that follows.
2. Unlock the partition:
cryptsetup luksOpen /dev/sda1 mysource
3. Copy the decrypted data directly back to the partition at the
correct offset (4096 sectors assumed here):
dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1
4. Zero out the LUKS header:
dd if=/dev/zero bs=$((4096*512)) count=1 of=/dev/sda1
5. Adjust the partition table to add 4096 sectors to the starting
LBA for sda1 without moving the ending LBA.
6. Make adjustments to /etc/fstab and any GRUB references to the
formerly encrypted partition.
7. Say a prayer and boot your system.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
