On Tue, Jun 01, 2010 at 10:58:36PM +0200, tesla1@xxxxxxx wrote: > Hi, > > you probably receive often such mails: How can I rescue my data? Indeed. Short answer if the LUKS header is damaged, you typically cannot (in the cryptographically strong sense). > Here is what happened: > > I have (had) an encrypted harddisk (1TB). I can't remember whether I > encrypted the whole block device or the partition on it. Now I accidently > formatted the disk as msdos filesystem. Again I don't know whether it was > the block device or just the partition. The ouput of fdisk -l looks like > this: > > root@arpa:~# fdisk -l /dev/sdb > > Platte /dev/sdb: 1000.2 GByte, 1000204886016 Byte > 255 K??pfe, 63 Sektoren/Spuren, 121601 Zylinder > Einheiten = Zylinder von 16065 ?? 512 = 8225280 Bytes > Disk identifier: 0x0006044c > > Ger??t boot. Anfang Ende Bl??cke Id System > /dev/sdb1 * 1 121601 976760001 c W95 FAT32 (LBA) > > A long time ago when I destroyed the partition table of an unencrypted > block device I just created a new one with the same parameters and then > had access to the complete filesystem again with no data loss. > > What will happen if I recreate the encrypted harddisk with > > cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sdb You will loose all recovery ability for sure. > which is the same command I used to encrypt the disk before? Can I > rescue the data that way? No. > Are there any other possibilities under these circumstances? If the partition was not at the beginning of the disk (where there is not a nive new FAT allocation table), then you can recreate the partition and access afterwards. If you get the position wrong, you could overwrite the LUKS header. So any work you do, make a full sectorlevel backup before. Finding the LUKS header is not that hard, I described it some time ago on this list. Just browse tha archives, or look at the header fedinition, there is a magic number in there suitable for searching. If the LUKS header was, however, at the beginning of that disk, then congratulations, you just performed a very secure erase on your data. > The fact that the 1TB disk is the largest one I own doesn't make > it easy to do experiments. If you care for that data, get an 1.5TB or 2 TB disk before messing with this any further and use that disk to make a full, sector-level backup. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt