Restored luks2 header to wrong drive!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi.

I am sure you have heard this before.

I have a computer running Debian unstable, Cinnamon desktop environment.  I have a testing usb thumb drive, labeled USBSDOO3,  which I formatted ext4, and encrypted with luks1, using the Gnome "disks" utility program. 

I then installed cryptsetup and used its "convert" option to change USBSD003 from luks1 to luks2. 

Then I used the cryptsetup header backup function to backup the luks2 header to my internal ssd drive. All good so far.

Then, as a test, I tried to restore the luks2 header to USBSD003. 

Well, I made a HUGE mistake! 
USBSD003 was plugged in as device /dev/sdc1. 

But . . . 
I entered the command:

Sudo cryptsetup luksHeaderRestore /dev/sdb1 
--header-backup-file \
LUKS_header_backups/USBSD003_luks_header_backup_2020-05-04.

Unfortunately, at /dev/sdb1 was a 1Tb usb external hard drive, one partition only, formatted ext4, UNENCRYPTED, labeled USBHD005. So I endeded up restoring the header to the hard drive, instead of to the thumb drive! 

Disaster!
The hard drive (was) about 78% full of real, important data, much of which was not backed up elsewhere. 

Immediately realizing what I had done, I used the Gnome "Disks" utility to unmount, "lock" and power off both USBSD003 and USBHD005. And then rebooted.

Now when I plug in USBHD005, the "Disks" program asks for the luks2 passphrase, which I type in correctly. It replies "Unable to mount 1.0 TB Encrypted". 

The "Disks" graphical window, under "Volumes", shows 2 horizontal bars. The one on top says "Partition 1", and an unlocked lock icon. 

The one below says "1.0 TB Unknown". 

Lower down, the window says:
Size:  1.0 TB (1,000,200,994,816 bytes).
Device:  /dev/mapper/luks-dda13787-d4ab-40f2-8cb9-6edbad-868747.
Contents:  Unknown.

In a terminal, with luks2 "unlocked", if I enter: 
sudo cryptsetup status /dev/mapper/luks-dda13787-d4ab-40f2-8cb9-6edbad-868747
It replies:  

/dev/mapper/luks-dda13787-d4ab-40f2-8cb9-6edbad-868747 is active.
type:       LUKS2
cipher:    aes-xts-plain64
keysize:  256 bits
key location:  keyring
device:   /dev/sb1
sector size:  512
offset:   4096 sectors
size:      1953517568
mode:   read/write

When luks2 is "locked", the terminal says:
/dev/mapper/luks-dda13787-d4ab-40f2-8cb9-6edbad-868747 is inactive.
And says the same thing when USBHD005 is "powered off" by the "Disks" program.  

Neither the the terminal "mount" command, nor the Nautilus or Nemo file managers, show any indication of USBHD005 OR /dev/sdb(1). 

Running:
lsblk -o name,label,size,retype,model
shows:

sdb
sdb1
luks-dda13787-d4ab-40f2-8cb9-6edbad-868747
931.5G

I did try to "image" USBHD005 on a brand new 1Tb external sub drive, but the image ran out of space just before finishing.  Apparently I need a 2Tb drive to image a 1Tb drive.

I also read the LUKS faq, but I must confess that much of it was "over my head".

So . . . 
Is there a way I can recover my data from USBHD005?


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux