Please do read this article first: How to recover lost LUKS key or passphrase
I cannot stop doing stupid things, this time, I mistakenly removed the active LUKS key with cryptsetup luksRemoveKey
command.
I setup my LUKS during OS installation by simply tick the “encryption” checkbox, so yes, I did not backup my LUKS header or keyfile.
When I dump the LUKS, it said slot 1 has a key, but whatever passphrase I tried, I cannot pass cryptsetup luksOpen --test-passphrase
again.
It is clear that I have messed up badly. However, since my PC was still on with the decrypted LUKS mounted, there was still hope.
First, I took a shower to calm down.
Get current LUKS volume:
1 |
|
1 |
|
Get master key of current decrypted volume, the long blob in colum 5 is the key in hex format:
1 |
|
1 |
|
Convert the master key to binary format:
1 |
|
Add a new key use the master key file:
1 |
|
Be smart and backup the LUKS header:
1 |
|