Re: Extracting keyfile from Ram?

Jan Lühr wrote:
> I accidentally deleted my loop-aes-keyfile (ironically it happened while
> backing it up)
> However, all loop devices are mounted at the moment.
> Is there a way to restore my keyfile using the keys loaded into RAM?

Encryption keys that are in kernel RAM were hashed using a one-way hash and
are kept in expanded form. Unlike mainline cryptoloop, loop-AES
intentionally does not return the keys using an ioctl() call. Someone would
need to write a new kernel module to extract the data.

Plan A
~~~~~~
- Back up your data
- Re-create the file system with a new key file
- Restore from backup

Plan B
~~~~~~
- This only works for non-root file systems

- Edit /etc/mtab and remove the loop mount option from the old line:

/dev/hda7 /mnt ext2 rw,loop=/dev/loop0,gpgkey=/root/test1.gpg,encryption=AES128 0 0
^^^^^^^^^              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  so that the new line looks like this:

/dev/loop0 /mnt ext2 rw 0 0
^^^^^^^^^^

- When the umount program reads the above /etc/mtab line, it does not find the
  'loop' mount option there, and the umount program will not automatically
  detach the loop device from the backing partition, /dev/hda7 in the above
  example.

- Unmount the file system using the _loop_ device, like this:

     umount /dev/loop0

- Create a new key file, like this:

    head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
        | gpg --symmetric -a >/root/test2.gpg

- Attach a second loop device to the same partition, like this:

    losetup -e AES128 -K /root/test2.gpg /dev/loop1 /dev/hda7
    
- Now you should have two loop devices to the same partition, /dev/loop0 using
  the old keys, and /dev/loop1 using the new keys.

- Now re-encrypt that partition using the 'dd' command, reading from the loop
  device with the old keys and writing to the loop device with the new keys,
  like this:

    dd if=/dev/loop0 of=/dev/loop1 bs=1024k conv=notrunc

- And finally detach both loop devices from the partition:

    losetup -d /dev/loop0
    losetup -d /dev/loop1

- Now you have a new key file, and the partition is encrypted using keys from
  that new key file.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
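
An added example, not part of the original message: a shape check for the plaintext that the key-generation pipeline in Plan B feeds to gpg, useful before re-encrypting a partition with a new key file. The function names and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: sanity-check the key material produced by
#   head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65
# uuencode -m encodes 45 bytes per line, so 2925 bytes give 65 lines of
# exactly 60 base64 characters with no '=' padding. A short or malformed
# result means the pipeline was interrupted or the file was damaged.

# Reads key material on stdin, prints a verdict, returns 0 (ok) or 1 (bad).
check_key_material() {
    awk '
        # Flag any line that is not exactly 60 base64-alphabet characters.
        length($0) != 60 || $0 !~ "^[A-Za-z0-9+/]+$" { bad++ }
        # Remember every line so repeated lines can be reported.
        { seen[$0]++ }
        END {
            for (k in seen) if (seen[k] > 1) dup++
            if (NR != 65) { printf "FAIL: %d lines, expected 65\n", NR; exit 1 }
            if (bad)      { printf "FAIL: %d malformed line(s)\n", bad; exit 1 }
            if (dup)      { printf "FAIL: %d repeated line(s)\n", dup; exit 1 }
            print "OK: 65 lines of 60 base64 characters"
        }
    '
}

# Constructed sample (NOT real key material): 65 distinct 60-character lines.
sample_material() {
    awk 'BEGIN { for (i = 1; i <= 65; i++) printf "%060d\n", i }'
}

# Demonstration on the constructed sample: a complete set, then a truncated one.
sample_material | check_key_material
sample_material | head -n 40 | check_key_material || true
```

For a real key file, pipe the decrypted output straight into the function, for example `gpg --decrypt /root/test2.gpg | check_key_material`, so the plaintext keys are never written to disk.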
