I wanted to install Debian Linux after a weird journey with Gentoo Linux. My partition layout is this:
- Boot Partition (512 MiB, mount at /boot)
- Swap Partition (4 GiB)
- Root Partition (~80 GiB, mount at /)
- Home Partition (~170 GiB, mount at /home, LUKS encrypted)
While trying to preserve the home partition, I think I clicked ‘Configure encrypted partitions’ on the Debian installer and then set a password for it (the same that it had before).
Now, I can unlock it like before, but after it is unlocked, no utility recognizes the filesystem (ext4) and the file command reports it as being data:
# file -s -L /dev/mapper/home
/dev/mapper/home: data
file on the encrypted partition returns the following:
# file -s /dev/nvme0n1p4
/dev/nvme0n1p4: LUKS encrypted file, ver 2, header size 16384, ID 3, algo sha256, salt 0x590d84c0e8397ad0..., UUID: c5ff37db-11f7-4ccf-8869-c4bc22648202, crc 0x345f75d85c9f444a..., at 0x1000 {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offse
(This is the complete output, it cuts at offset for some reason)
My luksDump output is this:
# cryptsetup luksDump /dev/nvme0n1p4
LUKS header information
Version: 2
Epoch: 3
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: c5ff37db-11f7-4ccf-8869-c4bc22648202
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 6
Memory: 1048576
Threads: 4
Salt: 18 b4 a6 e9 87 1f 94 f6 7d 96 f2 9c 0f 2e ca 75
e6 0f 80 7d 09 70 40 19 d0 a4 a1 49 ff 5c 1c 0b
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 171785
Salt: c2 b0 a6 f5 e1 bf 5f 85 82 b1 d5 f3 10 c6 ae b7
7c fc 50 41 c5 a6 03 f6 5a bd ac df 46 89 7b c6
Digest: 57 7d fb 87 69 c5 58 07 cf 82 88 5e f8 c6 39 f5
7d 00 ec 07 e0 df b8 ee b5 dd ff 20 bf b3 bc 01
My guess is that I re-encrypted the already encrypted partition. Also, I noticed that the UUID changed. Can anyone help me recover it? Thanks in advance.
If you need more logs, I will happily provide them to you.
Given that the UUID changed, you almost certainly made a new LUKS container, overwriting the old one. That’s bad, because the LUKS header is the only source of the actual encryption key that was used, and making a new one will overwrite both the main header as well as its backup copy immediately. Your password/keyfile/whatever is merely used to decrypt the part of the header that has the actual encryption key, and that’s gone in that case.
Unless you have access to a header backup from before that, there’s a fairly strong chance it’s irrecoverable. I’d suggest going through any archives you might have to see if you have such a backup - most of the instructions on the Gentoo wiki encourage making one, so you might have made one through the power of copying & pasting instructions. Should be a file of around 16MB.
Sadly, I don’t have a backup of the header. But I know the password that was used to decrypt the partition. Anyway, from the things you said, I can conclude that it might be irrecoverable.
What are the chances the header is stored in the partition map? Could you use testdisk to try and recover the old partition map and its data?
I think the header is stored in the partition map but just like chameleon said, it has been overwritten by the new one, that I created by accident.
Right, well testdisk has worked wonders in the past for me. It might worth a try especially if this is a spinning rust drive. It has helped me recover broken partitions and lost files so if you know where you’re looking you just might have a chance. I’m no expert but it seems like one of your last options with all the info provided. Best of luck!
I ran it, but no luck! In any way, I have already wiped the partition because I heard it was irrecoverable.
I’ve been bit by this, it has been an issue for a long time. For a while it also affected Ubuntu but I don’t know if that’s still the case.
Rather than decrypting the existing luks partition like pretty much every other distro, the Debian installer will create a new one using that key. Additionally, the installer does not cache the information and apply it when you finalize partitioning, it will apply the encryption immediately and then allow you to partition on top of it. Instant data loss.
It is possible to reuse an existing luks partition, but you must unlock and mount it manually before partitioning in the installer. This isn’t something I’d expect anyone to know beforehand, since it’s different than everything else.
Edit: apparently a very long time https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451535
Scary details.
I am not a cryptographic expert, but it sounds like you may have built a new key, and old files would be inaccessible…or that the option you chose does a file directory wipe.
Yes, this does seem to be the case with the info at hand. You won’t be able to recover the data afaik.
i think you just nuked your home partition.
I hope you have backups, man.
Good reason to have external drive backup and remote site backup.
$18.49 + shipping from newegg for new 500 gb sata drive would have saved your data. At these prices it could have been your new drive. Use rsync for quick drive backup.
Remote site backup is cheap these days.
Roughly $5 per 1 Terabyte per month. You can get lower for 160 gb of data with initial upload price spike. Use rclone for offsite backup.
What does
lsblk -fshow ?I nuked my system so many times, everything from not knowing what I was doing to using disk partion when tired and forgetting to select the usb.
Good thing my intro to Linux was through servers, I have a NAS with all my work files backed up as well as a second spare SSD that clones main SSD once a week.
