My friend zeroed out the first 3 GiB of a drive, including the partition table,
LUKSv1 header, and EXT4 superblock + some data of the first partition. He
realized what he did, and before rebooting the system, he recovered the master
key via the following command:
-----------------------------
# dmsetup table --showkeys /dev/mapper/encrypted | awk '{ print $5 }' | xxd -r
-p > /tmp/master_key
-----------------------------
He saved the key and later on (offline) he wanted to recreate the LUKS header
using the following command:
-----------------------------
# cryptsetup luksFormat -v -y -c aes-xts-plain64
--master-key-file=/tmp/master_key /dev/sdd1
-----------------------------
But he was unable to decrypt the data (I know the ext4 superblock is damaged,
but the volume can be tested whether it is decrypted or not, and in this case it
wasn't).
He said that the original container was created (probably) using this command:
# cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random
luksFormat /dev/sdd1
He ultimately found the header backup and everything went well, but I have a
question -- what parameters are needed in order to recreate the header when the
master key is known?
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
