Hi guys.
I know this is most likely not best suited question for this list, but I'm hoping some experts might be able to help.
I have a LUKS device which had keyslot with pass-phrase removed and token for TPM keyslot removed too - I think this is the case, for none of my passphrase works and device is as below:
I hope there is a way to save & bring it back to live - device is open right now and I've access to filesystem, obviously goal would be to avoid re-format/crypt.
Is it possible to restore/recreate that lost token and/or add new Keyslot somehow? I have no header backup for this device.
-> $ cryptsetup luksDump /dev/nvme0n1p3
LUKS header information
Version: 2
Epoch: 83
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: 3a879268-84fd-4b48-a5d4-960cccb0caa9
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
1: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: pbkdf2
Hash: sha512
Iterations: 1000
Salt: a4 5b 6b cc a8 f1 6b e8 b7 3b e2 3d ca 8d 43 fb
10 52 62 b9 99 45 70 16 bd e1 0f 7a 6c 7f 3d 11
AF stripes: 4000
AF hash: sha512
Area offset:290816 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 183317
Salt: ef 56 aa 59 c2 64 66 c7 49 57 31 4b a7 7d 00 3c
fe 00 89 2e b9 e9 da bc 69 1d 19 59 96 a9 27 aa
Digest: 79 aa 0c 8a 29 64 9c 83 bb 5a f8 5c b5 c6 b0 9c
5e 54 80 49 bd 21 f6 b4 5b 49 65 39 bd 6f 5f 20
I know this is most likely not best suited question for this list, but I'm hoping some experts might be able to help.
I have a LUKS device which had keyslot with pass-phrase removed and token for TPM keyslot removed too - I think this is the case, for none of my passphrase works and device is as below:
I hope there is a way to save & bring it back to live - device is open right now and I've access to filesystem, obviously goal would be to avoid re-format/crypt.
Is it possible to restore/recreate that lost token and/or add new Keyslot somehow? I have no header backup for this device.
-> $ cryptsetup luksDump /dev/nvme0n1p3
LUKS header information
Version: 2
Epoch: 83
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: 3a879268-84fd-4b48-a5d4-960cccb0caa9
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
1: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: pbkdf2
Hash: sha512
Iterations: 1000
Salt: a4 5b 6b cc a8 f1 6b e8 b7 3b e2 3d ca 8d 43 fb
10 52 62 b9 99 45 70 16 bd e1 0f 7a 6c 7f 3d 11
AF stripes: 4000
AF hash: sha512
Area offset:290816 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 183317
Salt: ef 56 aa 59 c2 64 66 c7 49 57 31 4b a7 7d 00 3c
fe 00 89 2e b9 e9 da bc 69 1d 19 59 96 a9 27 aa
Digest: 79 aa 0c 8a 29 64 9c 83 bb 5a f8 5c b5 c6 b0 9c
5e 54 80 49 bd 21 f6 b4 5b 49 65 39 bd 6f 5f 20
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue