luks encryption master key file
422 views
Skip to first unread message
paige...@gmail.com
Mar 22, 2016, 2:16:40 AM3/22/16
to qubes-users
Hello,
I'm trying to reset my luks passphrase using the master key file in the OS per these suggestions: http://unix.stackexchange.com/questions/161915/change-password-on-a-luks-filesystem-without-knowing-the-password
and
http://www.thegeekstuff.com/2016/03/cryptsetup-lukskey/
I'm trying to reset my luks passphrase using the master key file in the OS per these suggestions: http://unix.stackexchange.com/questions/161915/change-password-on-a-luks-filesystem-without-knowing-the-password
and
http://www.thegeekstuff.com/2016/03/cryptsetup-lukskey/
Unfortunately I installed Qubes last night in a not-so-awake state and forgot the passphrase I used but fortunately have not turned off the computer yet so I still have access to the master key file.
The instructions from the first link gave me permission failures and ended with "Cannot read keyfile /dev/fd/63". The instructions from the second link gave me no permission failures and only the response above. That file doesn't exist, though other files exist in that folder. The internet doesn't have much to say about that type of response so I'm wondering if this is a qubes specific issue.
Would rather not reinstall since I did a lot of configuration today but it's not the end of the world if I must.
Thanks in advance!
Marek Marczykowski-Górecki
Mar 22, 2016, 5:55:12 AM3/22/16
to paige...@gmail.com, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Did you run that commands as root?
You can do that in two steps:
1. Extract master key:
dmsetup table --showkeys $volume_name | awk '{ print $5 }' | xxd -r -p >
/tmp/master-key
2. Use it to reset password:
cryptsetup luksAddKey $device --master-key-file /tmp/master-key
Of course you need to set volume_name and device variables first (as explained in
that stackexchange answer.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJW8RZ2AAoJENuP0xzK19csDW8H/R18uGUkUbjSl7JKh4BTIpcQ
8slEFOzHuwG1KtlmmKOsMalwEu/si9VQavnNY6UfBcfNXXZ5kN/wXxus5/Yt3jAg
wOEphx/Q69qlQidgcFOOHZ/2jd5toFrTDKQ1jJsQx9pjK2ZUto/78EDQg04YpeCV
Vfvh/2iwV+Aidx5cPgh36TZO6hzEjYhkXNWAs7RautYjlr0OT8HOdpDBUIUijf1b
lsT4nCRB0VPVP8RldiswdlITtyjxwuq72EzxbnR4NxRmeI5FeL0s4/8GHccj3cmc
PONodvtrZwwAsDsSuU8PajZ9f0K6lMEctZu/hknWSp5C0tdWjSgGr/pHASC21mA=
=hNCs
-----END PGP SIGNATURE-----
Hash: SHA256
You can do that in two steps:
1. Extract master key:
dmsetup table --showkeys $volume_name | awk '{ print $5 }' | xxd -r -p >
/tmp/master-key
2. Use it to reset password:
cryptsetup luksAddKey $device --master-key-file /tmp/master-key
Of course you need to set volume_name and device variables first (as explained in
that stackexchange answer.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJW8RZ2AAoJENuP0xzK19csDW8H/R18uGUkUbjSl7JKh4BTIpcQ
8slEFOzHuwG1KtlmmKOsMalwEu/si9VQavnNY6UfBcfNXXZ5kN/wXxus5/Yt3jAg
wOEphx/Q69qlQidgcFOOHZ/2jd5toFrTDKQ1jJsQx9pjK2ZUto/78EDQg04YpeCV
Vfvh/2iwV+Aidx5cPgh36TZO6hzEjYhkXNWAs7RautYjlr0OT8HOdpDBUIUijf1b
lsT4nCRB0VPVP8RldiswdlITtyjxwuq72EzxbnR4NxRmeI5FeL0s4/8GHccj3cmc
PONodvtrZwwAsDsSuU8PajZ9f0K6lMEctZu/hknWSp5C0tdWjSgGr/pHASC21mA=
=hNCs
-----END PGP SIGNATURE-----
paige...@gmail.com
Mar 22, 2016, 11:30:28 AM3/22/16
to qubes-users
Hey Marek, thanks for the response. I did run as root for all my attempts. Your suggestion seems similar to what the second link recommends but it actually works! Not sure why it was looking for the file I referenced in the other attempts.
Anyways, I appreciate your help! And I'm very much enjoying Qubes other than this little mishap I put myself through. :)
Cheers!
Anyways, I appreciate your help! And I'm very much enjoying Qubes other than this little mishap I put myself through. :)
Cheers!
Reply all
Reply to author
Forward
0 new messages