[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: partman crypto changed passphrase of previously encrypted volume

On September 3, 2018 2:10 PM, Philipp Kern <pkern@debian.org> wrote:
> I don't think the data will be recoverable unless you have a backup of
> the LUKS header. The way LUKS works is that data is not encrypted with a
> passphrase directly but with a key that is encrypted to a set of
> passphrases. If you worked purely through the installer's UI you will
> have overwritten your LUKS header and hence will be unable to decrypt
> the data ever again because the key material is lost. The position of
> the LUKS header on disk is always in the same place.

Thank you for your quick and clear answer Philipp, this is greatly appreciated.

Yes, I worked purely through the installer's UI, and I do not have a copy of the LUKS header.

So, using cryptsetup to change the new passphrase back to the old one will not help me to successfully decrypt any of my data in that volume (because it will not lead to the same key material). Correct? Ouch...

Are there any other options I could try?

After I've recovered from this problem, I will file a feature request for partman: (a) detecting previously encrypted volumes; (b) requesting to mount previously-encrypted volumes with their passphrase and/or include a warning when proceeding to overwrite the LUKS header.

Thanks again & keep up the good work caring for our beloved Debian

Reply to: