Dear dm-crypt members, Please teach me how to unlock the luks partition using valid keyslot. My /dev/sda is crypto_LUKS partition volume, and xfs partition (/home) is contained. I got "Luks keyslot 4 is invald." message just after following operation. (I use only keyslot 0, and I know the valid passphrase of course.) My workstation is HP's Z820 with 2CPUs works gentoo linux. Recently a fan seems having trouble, so I tried HP's Diagnostic CD, booted from the CD and executed diag tool. The tool tried to write the result log "C:" drive, that triggered a tragedy. The luks header must be corrupted at that time. I do not have the backup of luks header, so I cannot unlock this partition for now. I found the site FAQ (https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions), So I would like to request the clue to access the partition and data, here this mailing list. The debug output of unlocking operation is following... --- zucchini ~ # cryptsetup -v --debug --key-slot=0 luksDump /dev/sda # cryptsetup 1.6.5 processing "cryptsetup -v --debug --key-slot=0 luksDump /dev/sda" # Running command luksDump. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating crypt device /dev/sda context. # Trying to open and read device /dev/sda. # Initialising device-mapper backend library. # Trying to load LUKS1 crypt type from device /dev/sda. # Crypto backend (gcrypt 1.6.5) initialized. # Reading LUKS header of size 1024 from device /dev/sda # Invalid offset 3012998038 in keyslot 4 (beyond data area offset 4096). LUKS keyslot 4 is invalid. # Releasing crypt device /dev/sda context. # Releasing device-mapper backend. # Unlocking memory. Command failed with code 22: LUKS keyslot 4 is invalid. --- The command blkid seems to be OK. --- zucchini ~ # blkid -p /dev/sda /dev/sda: UUID="30016d75-****-4c68-898a-************" VERSION="1" TYPE="crypto_LUKS" USAGE="crypto" --- The head of /dev/sda is following. --- zucchini ~ # hexdump -C -n 112 /dev/sda 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000020 00 00 00 00 00 00 00 00 78 74 73 2d 70 6c 61 69 |........xts-plai| 00000030 6e 36 34 00 00 00 00 00 00 00 00 00 00 00 00 00 |n64.............| 00000040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |........sha1....| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000060 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 20 |............... | 00000070 --- I also tried Arno's chk_luks_keyslots. (http://www.saout.de/pipermail/dm-crypt/attachments/20120909/39ee1325/attachment.c) The output was... --- zucchini keyslotchecker # ./chk_luks_keyslots /dev/sda Sectors with entropy below threshold (0.850000): Keyslot 0: start: 0x1000 Keyslot 1: start: 0x21000 keyslot not in use Keyslot 2: start: 0x41000 keyslot not in use Keyslot 3: start: 0x61000 keyslot not in use Keyslot 4: start: 0x2d672c00 keyslot not in use Keyslot 5: start: 0xa1000 keyslot not in use Keyslot 6: start: 0xc1000 keyslot not in use Keyslot 7: start: 0xe1000 keyslot not in use --- The output message shows the addresses of keyslots, and of keyslot 4 may be invalid. (However, 0 seems ok ... I wish.) So, how can I do for this situation? Is it possible to access the partition and data using Keyslot 0 ? Thanks, in advance. Hide _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
