[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: partman crypto changed passphrase of previously encrypted volume

On 2018-09-03 12:35, crotamine wrote:
Now, I have the following questions to the debian-installer list:
(1) during installation: with what command does the partition manager
insert a password for an encrypted volume of which the data is NOT to
be erased?
and (2) what should be my course of action to retrieve my precious
/home data from that volume (if possible at all??!)? E.g. change the
password to original? Doubly decrypt?? All help is greatly

I don't think the data will be recoverable unless you have a backup of the LUKS header. The way LUKS works is that data is not encrypted with a passphrase directly but with a key that is encrypted to a set of passphrases. If you worked purely through the installer's UI you will have overwritten your LUKS header and hence will be unable to decrypt the data ever again because the key material is lost. The position of the LUKS header on disk is always in the same place.

Data erase is really just about overwriting the existing data with zeros, which I understand is pretty confusing. Technically the data is already erased by the fact that the header is overwritten but some people want to be sure and write random data (or in the case of non-encrypted disks zeros) to the disk before deploying the system into production.

Kind regards
Philipp Kern

Reply to: