There was a script in cryptsetup repo, that did exactly this task
(re-create LUKS header according to active device parameters).

See misc/luks-header-from-active in git.

But it is probably no longer working (definitely not with LUKS2 where
we store dm-crypt key in keyring), but some parts can be useful still.

I will need to fix it later... Patches welcome :)

Milan

On 05/08/18 23:53, Mikhail Morfikov wrote:
> My friend zeroed out the first 3 GiB of a drive, including the partition table,
> LUKSv1 header, and EXT4 superblock + some data of the first partition. He
> realized what he did, and before rebooting the system, he recovered the master
> key via the following command:
>
> -----------------------------
> # dmsetup table --showkeys /dev/mapper/encrypted | awk '{ print $5 }' | xxd -r -p > /tmp/master_key
> -----------------------------
>
> He saved the key and later on (offline) he wanted to recreate the LUKS header
> using the following command:
>
> -----------------------------
> # cryptsetup luksFormat -v -y -c aes-xts-plain64 --master-key-file=/tmp/master_key /dev/sdd1
> -----------------------------
>
> But he was unable to decrypt the data (I know the ext4 superblock is damaged,
> but the volume can be tested whether it is decrypted or not, and in this case it
> wasn't).
>
> He said that the original container was created (probably) using this command:
>
> # cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random luksFormat /dev/sdd1
>
> He ultimately found the header backup and everything went well, but I have a
> question -- what parameters are needed in order to recreate the header when the
> master key is known?
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> https://www.saout.de/mailman/listinfo/dm-crypt
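
As an added example (not part of the thread, and not the misc/luks-header-from-active script), the following reads the cipher, key size and payload offset from a dm-crypt table line of the kind `dmsetup table --showkeys` prints, and builds a luksFormat command with the key size passed explicitly. The function names, sample table lines, all-zero key and keyring description are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the cryptsetup project's script. dm-crypt table fields:
# <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset> [opts]

# Constructed sample lines: all-zero 512-bit key, made-up size and device.
SAMPLE_TABLE="0 1953519616 crypt aes-xts-plain64 $(printf '%0128d' 0) 0 8:49 4096"
# Constructed keyring reference, the form shown when the key is not in the table.
SAMPLE_KEYRING="0 1953519616 crypt aes-xts-plain64 :64:logon:cryptsetup:example 0 8:49 32768"

# Print "cipher key_bits payload_offset key_source" for one table line.
luks_params_from_table() {
    local start length target cipher key iv_offset device offset rest bits src
    read -r start length target cipher key iv_offset device offset rest <<EOF
$1
EOF
    [ "$target" = "crypt" ] || { echo "not a dm-crypt mapping" >&2; return 1; }
    case "$key" in
        :*)  # ":<size in bytes>:<type>:<description>", key stays in the keyring
             bits=${key#:}; bits=$(( ${bits%%:*} * 8 )); src=keyring ;;
        ""|*[!0-9a-fA-F]*)
             echo "unexpected key field" >&2; return 1 ;;
        *)   # hex-encoded key: four bits per character
             bits=$(( ${#key} * 4 )); src=table ;;
    esac
    echo "$cipher $bits $offset $src"
}

# Print (never run) a luksFormat command with cipher and key size explicit.
# $2 = master key file, $3 = target device, both supplied by the caller.
luksformat_command() {
    local params cipher bits offset src
    params=$(luks_params_from_table "$1") || return 1
    read -r cipher bits offset src <<EOF
$params
EOF
    if [ "$src" = "keyring" ]; then
        echo "key is held in the kernel keyring, not in the table" >&2
        return 2
    fi
    # --type luks1 because the header discussed in the thread was LUKSv1.
    echo "cryptsetup luksFormat --type luks1 -c $cipher -s $bits --master-key-file=$2 $3"
}

luks_params_from_table "$SAMPLE_TABLE"
luksformat_command "$SAMPLE_TABLE" /tmp/master_key /dev/sdd1
```

The offset reported by `luks_params_from_table` is in 512-byte sectors; compare it with the `Payload offset` that `cryptsetup luksDump` shows for the recreated header, since the data area only lines up when the two match.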