On 5 Aug 2018 23:53 +0200, from mmorfikov@xxxxxxxxx (Mikhail Morfikov):
> # cryptsetup luksFormat -v -y -c aes-xts-plain64
> --master-key-file=/tmp/master_key /dev/sdd1
>
> But he was unable to decrypt the data (I know the ext4 superblock is damaged,
> but the volume can be tested whether it is decrypted or not, and in this case it
> wasn't).
>
> He said that the original container was created (probably) using this command:
>
> # cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random
> luksFormat /dev/sdd1
>
> He ultimately found the header backup and everything went well, but I have a
> question -- what parameters are needed in order to recreate the header when the
> master key is known?

Well, the cipher spec for one would obviously need to match exactly for the
newly created header to be useful for decrypting the existing data. So depending
on the defaults, the missing `-s 512` absolutely could make a difference.

My cryptsetup says the default for LUKS1 is aes-xts-plain64 with 256 bits of
key. So if your friend's system is similar to mine, chances are good that the
missing key length specifier had something to do with it.

The man page doesn't seem to say anything about what happens if the provided
master key file has a length different from the key length that ends up being
used by the selected cipher.

Keep in mind that with XTS you're effectively running the cipher itself in half
the key length mode (so if you specify AES-XTS and 256 bits of key, then the
actual key used by AES is a 128 bit one). Thus, the difference between
specifying 512 bits and 256 bits means running AES with a 256 bit key or a 128
bit key, respectively. Specifically for AES, this also means running a different
number of rounds; IIRC, with a 256 bit key, AES uses 14 rounds, whereas with a
128 bit key, it uses 10 rounds. So it's effectively a _very_ different cipher if
you use a different key length.

Personally, I have written down the exact commands used to create the LUKS
containers, just in case. At least in this case your friend _had_ a header
backup.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx
“The most dangerous thought that you can have as a creative person is to think
you know what you’re doing.” (Bret Victor)

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
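A pre-flight check for the point made in the thread about `-s` and the master key file, added here as an example that is not from the thread and not part of cryptsetup: it takes the cipher spec and key size that would be passed to luksFormat, works out the key length AES itself runs with (half of `-s` under XTS) and the matching round count, and compares the master key file's length with `-s`. The 256-bit default when `-s` is omitted is the value the reply reports for its own LUKS1 setup and is an assumption about the reader's cryptsetup version.

```python
import sys

# AES key length in bits -> number of rounds (FIPS 197)
AES_ROUNDS = {128: 10, 192: 12, 256: 14}

# Assumed default when -s is omitted (the value reported for LUKS1 in the reply above)
DEFAULT_KEY_BITS = 256


def effective_cipher_key_bits(cipher_spec, key_bits):
    """Return (cipher, mode, bits) where bits is the key length the block cipher
    itself sees. cipher_spec is the dm-crypt string given to -c, e.g.
    'aes-xts-plain64'. XTS consumes two cipher keys, so under XTS the cipher
    runs with half of the -s value."""
    parts = cipher_spec.lower().split("-")
    if len(parts) < 2:
        raise ValueError("cipher spec must look like <cipher>-<mode>-<iv>: %r" % cipher_spec)
    cipher, mode = parts[0], parts[1]
    bits = key_bits // 2 if mode == "xts" else key_bits
    if cipher == "aes" and bits not in AES_ROUNDS:
        raise ValueError("%d-bit key is not a valid AES key length" % bits)
    return cipher, mode, bits


def check_master_key(master_key, cipher_spec, key_bits=DEFAULT_KEY_BITS):
    """Compare a master key file's contents (bytes) with the header parameters
    about to be used. The returned dict shows what the cipher would really run
    as and whether the key file length matches -s; a mismatch means the
    recreated header cannot decrypt the existing data."""
    cipher, mode, cipher_bits = effective_cipher_key_bits(cipher_spec, key_bits)
    return {
        "cipher": cipher,
        "mode": mode,
        "volume_key_bits": key_bits,
        "cipher_key_bits": cipher_bits,
        "aes_rounds": AES_ROUNDS.get(cipher_bits) if cipher == "aes" else None,
        "key_file_len": len(master_key),
        "key_file_matches": len(master_key) == key_bits // 8,
    }


if __name__ == "__main__":
    # usage: luks_keycheck.py <master-key-file> <cipher-spec> [key-bits]
    path, spec = sys.argv[1], sys.argv[2]
    bits = int(sys.argv[3]) if len(sys.argv) > 3 else DEFAULT_KEY_BITS
    with open(path, "rb") as f:
        report = check_master_key(f.read(), spec, bits)
    for k, v in report.items():
        print("%-18s %s" % (k, v))
    sys.exit(0 if report["key_file_matches"] else 1)
```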