Hi all, Arno and Michael, thanks again for your continued help and advise - a great experience and yet another time I love the linux community (and pity I can't contribute myself much). > It says your key-slots have no larger areas overwritten with other data. > That is by far the most common thing that happens. Not here, it seems. Thanks for the clarification, I think I do understand. > In principle, yes, but if you have a problem with bit-errors on > reading or the like, then you would at least need to also > do an md5sum or the like of copy and original to make > sure there are no errors. A single bit-error in a > keyslot makes it unusable. Ok, that might explain why - at the moment - it is not working. I create a ddrescue (thanks, Michael, for reminding me of this!) clone but failed to realise the destination disk was 100GB short (I am looking to do it with a NAS drive now...). With this "clone" (which might be insufficient) I tried unlocking the disk on a virtual machine running pureOS (on VM Fusion on a macOS Sierra iMac), but I as well cant decrypt the disk with the "No key available with this passphrase" message. I hope this is due to the insufficient size on the drive. >My first assumption would not be that the disk is physically broken >yet still manages to read data in any meaningful way, but silent data >corruption is a real thing, despite HDD manufacturers' attempts at >correcting or at least detecting any failed reads. That said, though, >your LUKS header looks _sane_; I would expect silent corruption to >yield essentially random data for the full sector. That, at least, gives some hope to continue working on the drive. Also a great reminder for _regular_ rsyncs (I have another disk which had been encrypted with truecrypt. A firmware update for the drive itself corrupted the truecrypt header. I did have a RAID backup, also encrypted with truecrypt. Smart as I am, the password for it is stored on the unusable disk and I did not yet pgp -email it to someone I trust... different story, though, but maybe it contributes to your amusement) >A binary copy as made by e.g. dd should absolutely be sufficient. In >fact, it's probably a good idea to make such a copy in any case; >having that copy will allow you to experiment. >If you can spare the disk space, make one copy, and then duplicate it, >then work on one of those copies while making sure to not touch the >other; that way, no matter what you do and no matter what happens to >the physical media from that point onwards, you can always go back to >the original copy and make a new working copy. Very good plan of action, I wil lsee can I get ddrescue to work onto a NAS drive, which should at least gve me enough storage... >I _strongly_ recommend ddrescue over dd; ddrescue is far better suited >for this use case. It also gives you a nice progress indication while >it is working. Very true, not sure why I had "dd" saved in my head... Again, thanks so much, folks, this is really great and I appreciate your words and time a lot! Mark > > > Mark > > > > user@debian:~/.bin/cryptsetup/misc/keyslot_checker$ sudo ./chk_luks_keyslots -v /dev/sda5 > > > > parameters (commandline and LUKS header): > > sector size: 512 > > threshold: 0.900000 > > > > - processing keyslot 0: start: 0x001000 end: 0x03f800 > > - processing keyslot 1: keyslot not in use > > - processing keyslot 2: keyslot not in use > > - processing keyslot 3: keyslot not in use > > - processing keyslot 4: keyslot not in use > > - processing keyslot 5: keyslot not in use > > - processing keyslot 6: keyslot not in use > > - processing keyslot 7: keyslot not in use > > > > > > > Gesendet: Freitag, 04. November 2016 um 11:32 Uhr > > > Von: "Arno Wagner" <arno@xxxxxxxxxxx> > > > An: dm-crypt@xxxxxxxx > > > Betreff: Re: Missing keyslot or broken header or still some hope? > > > > > > Hi, > > > > > > first, please do not post HTML-'emails' to this list. > > > It cuts you off from most people here. > > > > > > Second, from the 'acting up' I would deduce that you > > > have some kind of severe hardware problem. It may be that > > > this prevents the unlock. Can you try this disk in a > > > different computer? > > > > > > There is also the keyslot-checker in misc/keyslot_checker/ > > > of the cryptsetup source distribution, that may tell > > > you more. > > > > > > Regards, > > > Arno > > > > > > > > > On Thu, Nov 03, 2016 at 21:58:30 CET, Zero Tonin wrote: > > > > Hi Michael, > > > > > > > > thank you very much for your response, I appreciate your time and > > > > willingnes to help a stranger! > > > > > > > > > > > > Below I will paste the output of --debug a well as, in case it > > > > provides usefull information, the output of sfdisk -l for the > > > > partitions on the drive. > > > > > > > > > > > > Again, thank you ever so much, please do let me know if there is any > > > > further detail or informaion I could provide to hopefulyl be bale to > > > > recover this. > > > > > > > > > > > > Kind rgeards, > > > > > > > > Mark > > > > > > > > (I was unaware this mailing list is a "clear name" environemt, sorry > > > > for the anonymity in my first mail) > > > > > > > > > > > > > > > > > > > > user@debian:~$ sudo /sbin/sfdisk -l > > > > > > > > Disk /dev/sda: 77825 cylinders, 255 heads, 63 sectors/track > > > > > > > > sfdisk: Warning: extended partition does not start at a cylinder > > > > boundary. > > > > > > > > DOS and Linux will interpret the contents differently. > > > > > > > > Units: cylinders of 8225280 bytes, blocks of 1024 bytes, counting from > > > > 0 > > > > > > > > Device Boot Start End #cyls #blocks Id System > > > > > > > > /dev/sda1 * 0+ 31- 31- 248832 83 Linux > > > > > > > > /dev/sda2 31+ 77825- 77795- 624880641 5 Extended > > > > > > > > /dev/sda3 0 - 0 0 0 Empty > > > > > > > > /dev/sda4 0 - 0 0 0 Empty > > > > > > > > /dev/sda5 31+ 77825- 77795- 624880640 83 Linux > > > > > > > > user@debian:~$ sudo cryptsetup --debug luksOpen /dev/sda5 crypt1 > > > > > > > > # cryptsetup 1.6.6 processing "cryptsetup --debug luksOpen /dev/sda5 > > > > crypt1" > > > > > > > > # Running command open. > > > > > > > > # Locking memory. > > > > > > > > # Installing SIGINT/SIGTERM handler. > > > > > > > > # Unblocking interruption on signal. > > > > > > > > # Allocating crypt device /dev/sda5 context. > > > > > > > > # Trying to open and read device /dev/sda5. > > > > > > > > # Initialising device-mapper backend library. > > > > > > > > # Trying to load LUKS1 crypt type from device /dev/sda5. > > > > > > > > # Crypto backend (gcrypt 1.6.3) initialized. > > > > > > > > # Detected kernel Linux 3.16.0-4-amd64 x86_64. > > > > > > > > # Reading LUKS header of size 1024 from device /dev/sda5 > > > > > > > > # Key length 64, device size 1249761280 sectors, header size 4036 > > > > sectors. > > > > > > > > # Timeout set to 0 miliseconds. > > > > > > > > # Password retry count set to 3. > > > > > > > > # Password verification disabled. > > > > > > > > # Iteration time set to 1000 miliseconds. > > > > > > > > # Activating volume crypt1 [keyslot -1] using [none] passphrase. > > > > > > > > # dm version OF [16384] (*1) > > > > > > > > # dm versions OF [16384] (*1) > > > > > > > > # Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0. > > > > > > > > # Device-mapper backend running with UDEV support enabled. > > > > > > > > # dm status crypt1 OF [16384] (*1) > > > > > > > > # Interactive passphrase entry requested. > > > > > > > > Enter passphrase for /dev/sda5: > > > > > > > > # Trying to open key slot 0 [ACTIVE_LAST]. > > > > > > > > # Reading key slot 0 area. > > > > > > > > # Using userspace crypto wrapper to access keyslot area. > > > > > > > > # Trying to open key slot 1 [INACTIVE]. > > > > > > > > # Trying to open key slot 2 [INACTIVE]. > > > > > > > > # Trying to open key slot 3 [INACTIVE]. > > > > > > > > # Trying to open key slot 4 [INACTIVE]. > > > > > > > > # Trying to open key slot 5 [INACTIVE]. > > > > > > > > # Trying to open key slot 6 [INACTIVE]. > > > > > > > > # Trying to open key slot 7 [INACTIVE]. > > > > > > > > No key available with this passphrase. > > > > > > > > On 3 Nov 2016, at 19:04, Michael Kjörling <[1]michael@xxxxxxxxxxx> > > > > wrote: > > > > > > > > On 3 Nov 2016 18:30 +0000, from [2]zero.tonin@xxxxxx (Zero Tonin): > > > > > > > > user@debian:~$ sudo cryptsetup luksOpen /dev/sda5 crypt1 > > > > > > > > Enter passphrase for /dev/sda5: > > > > > > > > No key available with this passphrase. > > > > > > > > Could you try running this again, but add the `--debug` option to > > > > cryptsetup, then post the resulting log? > > > > Make sure to sanitize the passphrase itself from the log if it's there > > > > (I don't know), but leave everything else intact. > > > > -- > > > > Michael Kjörling • [3]https://michael.kjorling.se • > > > > [4]michael@xxxxxxxxxxx > > > > “People who think they know everything really annoy > > > > those of us who know we don’t.” (Bjarne Stroustrup) > > > > _______________________________________________ > > > > dm-crypt mailing list > > > > [5]dm-crypt@xxxxxxxx > > > > [6]http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > > > References > > > > > > > > 1. mailto:michael@xxxxxxxxxxx > > > > 2. mailto:zero.tonin@xxxxxx > > > > 3. https://michael.kjorling.se/ > > > > 4. mailto:michael@xxxxxxxxxxx > > > > 5. mailto:dm-crypt@xxxxxxxx > > > > 6. http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > > _______________________________________________ > > > > dm-crypt mailing list > > > > dm-crypt@xxxxxxxx > > > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > > > > -- > > > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx > > > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > > > ---- > > > A good decision is based on knowledge and not on numbers. -- Plato > > > > > > If it's in the news, don't worry about it. The very definition of > > > "news" is "something that hardly ever happens." -- Bruce Schneier > > > _______________________________________________ > > > dm-crypt mailing list > > > dm-crypt@xxxxxxxx > > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@xxxxxxxx > > http://www.saout.de/mailman/listinfo/dm-crypt > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 > ---- > A good decision is based on knowledge and not on numbers. -- Plato > > If it's in the news, don't worry about it. The very definition of > "news" is "something that hardly ever happens." -- Bruce Schneier > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
