Oops, just saw that Milan already replied. Use his instructions, they are better. Regards, Arno On Tue, Jun 28, 2016 at 15:55:55 CEST, Arno Wagner wrote: > The thing here is that not your keyslot is invalid, but > rather its descriptor, which is part of the header. > > One thing you can immediately do (after a header backup!) > is to just put the right offset into the header descriptor. > Addresses are in FAQ Item 6.12. As Keyslot 4 is inactive, > you can basically copy the one before or after, I think. > > If conventional header backup does not work, do a manual > one (see FAQ Item 6.2). > > That should get you one step further. But only if the > salts in the header and keyslot are fine. > > Regards, > Arno > > > > On Tue, Jun 28, 2016 at 07:47:55 CEST, Oko Hid wrote: > > Dear dm-crypt members, > > > > Please teach me how to unlock the luks partition using valid keyslot. > > > > My /dev/sda is crypto_LUKS partition volume, and xfs partition (/home) > > is contained. > > I got "Luks keyslot 4 is invald." message just after following operation. > > (I use only keyslot 0, and I know the valid passphrase of course.) > > > > My workstation is HP's Z820 with 2CPUs works gentoo linux. > > Recently a fan seems having trouble, so I tried HP's Diagnostic CD, > > booted from the CD > > and executed diag tool. > > The tool tried to write the result log "C:" drive, that triggered a tragedy. > > The luks header must be corrupted at that time. > > > > I do not have the backup of luks header, so I cannot unlock this > > partition for now. > > > > I found the site FAQ > > (https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions), > > So I would like to request the clue to access the partition and data, > > here this mailing list. > > > > The debug output of unlocking operation is following... > > --- > > zucchini ~ # cryptsetup -v --debug --key-slot=0 luksDump /dev/sda > > # cryptsetup 1.6.5 processing "cryptsetup -v --debug --key-slot=0 > > luksDump /dev/sda" > > # Running command luksDump. > > # Locking memory. > > # Installing SIGINT/SIGTERM handler. > > # Unblocking interruption on signal. > > # Allocating crypt device /dev/sda context. > > # Trying to open and read device /dev/sda. > > # Initialising device-mapper backend library. > > # Trying to load LUKS1 crypt type from device /dev/sda. > > # Crypto backend (gcrypt 1.6.5) initialized. > > # Reading LUKS header of size 1024 from device /dev/sda > > # Invalid offset 3012998038 in keyslot 4 (beyond data area offset 4096). > > LUKS keyslot 4 is invalid. > > # Releasing crypt device /dev/sda context. > > # Releasing device-mapper backend. > > # Unlocking memory. > > Command failed with code 22: LUKS keyslot 4 is invalid. > > --- > > > > The command blkid seems to be OK. > > --- > > zucchini ~ # blkid -p /dev/sda > > /dev/sda: UUID="30016d75-****-4c68-898a-************" VERSION="1" > > TYPE="crypto_LUKS" USAGE="crypto" > > --- > > > > The head of /dev/sda is following. > > --- > > zucchini ~ # hexdump -C -n 112 /dev/sda > > 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....| > > 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| > > 00000020 00 00 00 00 00 00 00 00 78 74 73 2d 70 6c 61 69 |........xts-plai| > > 00000030 6e 36 34 00 00 00 00 00 00 00 00 00 00 00 00 00 |n64.............| > > 00000040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |........sha1....| > > 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| > > 00000060 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 20 |............... | > > 00000070 > > --- > > > > I also tried Arno's chk_luks_keyslots. > > (http://www.saout.de/pipermail/dm-crypt/attachments/20120909/39ee1325/attachment.c) > > The output was... > > --- > > zucchini keyslotchecker # ./chk_luks_keyslots /dev/sda > > > > Sectors with entropy below threshold (0.850000): > > > > Keyslot 0: start: 0x1000 > > > > Keyslot 1: start: 0x21000 > > keyslot not in use > > > > Keyslot 2: start: 0x41000 > > keyslot not in use > > > > Keyslot 3: start: 0x61000 > > keyslot not in use > > > > Keyslot 4: start: 0x2d672c00 > > keyslot not in use > > > > Keyslot 5: start: 0xa1000 > > keyslot not in use > > > > Keyslot 6: start: 0xc1000 > > keyslot not in use > > > > Keyslot 7: start: 0xe1000 > > keyslot not in use > > --- > > The output message shows the addresses of keyslots, and > > of keyslot 4 may be invalid. > > (However, 0 seems ok ... I wish.) > > > > So, how can I do for this situation? > > Is it possible to access the partition and data using Keyslot 0 ? > > > > Thanks, in advance. > > > > Hide > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@xxxxxxxx > > http://www.saout.de/mailman/listinfo/dm-crypt > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > ---- > A good decision is based on knowledge and not on numbers. -- Plato > > If it's in the news, don't worry about it. The very definition of > "news" is "something that hardly ever happens." -- Bruce Schneier > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
