By 'backup header', do you mean there's a redundant copy stored somewhere other than the start of the device? Or are you just talking about backing up my damaged header? I saw a mention on the list archives of someone suggesting implementing a redundant header copy stored elsewhere on the device, and the luks author saying he thought that was a good idea, and he'd implement it in the next version, but I'm not clear on whether that has already happened yet. If there *IS* a redundant, uncorrupted backup header somewhere, how do I find it? Or is that what you were trying to give me directions on backing up before? If so, how would I go about finding my "payload offset", other than from luksDump? Cause luksDump doesn't work for me - it just errors out saying its not a valid luks device. On Sat, Nov 8, 2008 at 1:56 PM, Milan Broz <mbroz@xxxxxxxxxx> wrote: > Arno Wagner wrote: >>> Ok, revised: Look at offset 104 in the header. It lists >>> where the bulk data starts (in sectors). Backup everything >>> before. > > Keyslot is not fixed size, I think it depends on cipher key length. > > Anyway, backup of header is easy, there is unecrypted header > (always of the 592 bytes IIRC) and keyslot area, > starting at 4k offset). > > run "crytpsetup luksDump <device>", > remeber the "Payload offset" (in sectors). > > then backup header with > dd if=<device> of=<backup_file> bs=512 count=NUM > > where NUM is the payload offset above. > > (note that anyone with this backup and knowledge > of any passphrase in backup header can decrypt data with > this, even if you change passphrase later on real disk.) > > Restore - simple dd it backwards. > > I think that this should work always, header and all > keyslots area should be there but not more. > (Restoring more data than LUKS header length can > rewrite filesystem data with some old content.) > > Milan > -- > mbroz@xxxxxxxxxx > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > -- Kevin Bowen kevin@xxxxxxxx --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
