I wanted to install Debian Linux after a weird journey with Gentoo Linux. My partition layout is this:

  • Boot Partition (512 MiB, mount at /boot)
  • Swap Partition (4 GiB)
  • Root Partition (~80 GiB, mount at /)
  • Home Partition (~170 GiB, mount at /home, LUKS encrypted)

While trying to preserve the home partition, I think I clicked ‘Configure encrypted partitions’ on the Debian installer and then set a password for it (the same that it had before).

Now, I can unlock it like before, but after it is unlocked, no utility recognizes the filesystem (ext4) and the file command reports it as being data:

# file -s -L /dev/mapper/home
/dev/mapper/home: data

file on the encrypted partition returns the following:

# file -s /dev/nvme0n1p4
/dev/nvme0n1p4: LUKS encrypted file, ver 2, header size 16384, ID 3, algo sha256, salt 0x590d84c0e8397ad0..., UUID: c5ff37db-11f7-4ccf-8869-c4bc22648202, crc 0x345f75d85c9f444a..., at 0x1000 {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offse

(This is the complete output, it cuts at offset for some reason)

My luksDump output is this:

# cryptsetup luksDump /dev/nvme0n1p4
LUKS header information
Version:       	2
Epoch:         	3
Metadata area: 	16384 [bytes]
Keyslots area: 	16744448 [bytes]
UUID:          	c5ff37db-11f7-4ccf-8869-c4bc22648202
Label:         	(no label)
Subsystem:     	(no subsystem)
Flags:       	(no flags)

Data segments:
  0: crypt
	offset: 16777216 [bytes]
	length: (whole device)
	cipher: aes-xts-plain64
	sector: 512 [bytes]

Keyslots:
  0: luks2
	Key:        512 bits
	Priority:   normal
	Cipher:     aes-xts-plain64
	Cipher key: 512 bits
	PBKDF:      argon2id
	Time cost:  6
	Memory:     1048576
	Threads:    4
	Salt:       18 b4 a6 e9 87 1f 94 f6 7d 96 f2 9c 0f 2e ca 75 
	            e6 0f 80 7d 09 70 40 19 d0 a4 a1 49 ff 5c 1c 0b 
	AF stripes: 4000
	AF hash:    sha256
	Area offset:32768 [bytes]
	Area length:258048 [bytes]
	Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
	Hash:       sha256
	Iterations: 171785
	Salt:       c2 b0 a6 f5 e1 bf 5f 85 82 b1 d5 f3 10 c6 ae b7 
	            7c fc 50 41 c5 a6 03 f6 5a bd ac df 46 89 7b c6 
	Digest:     57 7d fb 87 69 c5 58 07 cf 82 88 5e f8 c6 39 f5 
	            7d 00 ec 07 e0 df b8 ee b5 dd ff 20 bf b3 bc 01

My guess is that I re-encrypted the already encrypted partition. Also, I noticed that the UUID changed. Can anyone help me recover it? Thanks in advance.

If you need more logs, I will happily provide them to you.

  • chameleon@kbin.social
    link
    fedilink
    arrow-up
    52
    ·
    7 months ago

    Given that the UUID changed, you almost certainly made a new LUKS container, overwriting the old one. That’s bad, because the LUKS header is the only source of the actual encryption key that was used, and making a new one will overwrite both the main header as well as its backup copy immediately. Your password/keyfile/whatever is merely used to decrypt the part of the header that has the actual encryption key, and that’s gone in that case.

    Unless you have access to a header backup from before that, there’s a fairly strong chance it’s irrecoverable. I’d suggest going through any archives you might have to see if you have such a backup - most of the instructions on the Gentoo wiki encourage making one, so you might have made one through the power of copying & pasting instructions. Should be a file of around 16MB.

    • VitabytesDev@feddit.nlOP
      link
      fedilink
      arrow-up
      14
      ·
      7 months ago

      Sadly, I don’t have a backup of the header. But I know the password that was used to decrypt the partition. Anyway, from the things you said, I can conclude that it might be irrecoverable.

      • astrsk@kbin.social
        link
        fedilink
        arrow-up
        10
        ·
        7 months ago

        What are the chances the header is stored in the partition map? Could you use testdisk to try and recover the old partition map and its data?

        • VitabytesDev@feddit.nlOP
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          I think the header is stored in the partition map but just like chameleon said, it has been overwritten by the new one, that I created by accident.

          • astrsk@kbin.social
            link
            fedilink
            arrow-up
            2
            ·
            7 months ago

            Right, well testdisk has worked wonders in the past for me. It might worth a try especially if this is a spinning rust drive. It has helped me recover broken partitions and lost files so if you know where you’re looking you just might have a chance. I’m no expert but it seems like one of your last options with all the info provided. Best of luck!

            • VitabytesDev@feddit.nlOP
              link
              fedilink
              arrow-up
              1
              ·
              7 months ago

              I ran it, but no luck! In any way, I have already wiped the partition because I heard it was irrecoverable.

  • Bitrot@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    33
    ·
    edit-2
    7 months ago

    I’ve been bit by this, it has been an issue for a long time. For a while it also affected Ubuntu but I don’t know if that’s still the case.

    Rather than decrypting the existing luks partition like pretty much every other distro, the Debian installer will create a new one using that key. Additionally, the installer does not cache the information and apply it when you finalize partitioning, it will apply the encryption immediately and then allow you to partition on top of it. Instant data loss.

    It is possible to reuse an existing luks partition, but you must unlock and mount it manually before partitioning in the installer. This isn’t something I’d expect anyone to know beforehand, since it’s different than everything else.

    Edit: apparently a very long time https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451535

  • BCsven@lemmy.ca
    link
    fedilink
    arrow-up
    11
    ·
    7 months ago

    I am not a cryptographic expert, but it sounds like you may have built a new key, and old files would be inaccessible…or that the option you chose does a file directory wipe.

  • Kualk@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    7 months ago

    Good reason to have external drive backup and remote site backup.

    $18.49 + shipping from newegg for new 500 gb sata drive would have saved your data. At these prices it could have been your new drive. Use rsync for quick drive backup.

    Remote site backup is cheap these days.

    Roughly $5 per 1 Terabyte per month. You can get lower for 160 gb of data with initial upload price spike. Use rclone for offsite backup.

  • Shady_Shiroe@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    7 months ago

    I nuked my system so many times, everything from not knowing what I was doing to using disk partion when tired and forgetting to select the usb.

    Good thing my intro to Linux was through servers, I have a NAS with all my work files backed up as well as a second spare SSD that clones main SSD once a week.