How to recover lost LUKS key or passphrase - Red Hat Customer Portal (2024)

Solution Verified - Updated 2024-08-05T04:46:12+00:00 -

English
Japanese

Environment

Red Hat Enterprise Linux 5 and later
- LUKS1

Issue

I lost my LUKS key. How can I recover my data?
I forgot the passphrase to my LUKS-encrypted drive. What can I do?
How can I recover my data if forgot luks password ?

Resolution

This solution only works with LUKS1 devices. It is not possible to recover the master key of LUKS2 devices because the key is stored in the kernel directly.

(A) Are any other passphrases or keyfiles available?

LUKS allows for up to 8 keys (derived from passphrases or files) per device

Find the device name with blkid
This command will only show LUKS devices

blkid -t TYPE=crypto_LUKS -o device

Example:

[root]# blkid -t TYPE=crypto_LUKS -o device/dev/vdb1

Inspect the LUKS header to see how many key-slots are populated
Use the device name from the previous step

cryptsetup luksDump /dev/<NAME> | grep Key.Slot

Example:

[root]# cryptsetup luksDump /dev/vdb1 | grep Key.SlotKey Slot 0: ENABLEDKey Slot 1: DISABLEDKey Slot 2: DISABLEDKey Slot 3: DISABLEDKey Slot 4: DISABLEDKey Slot 5: DISABLEDKey Slot 6: DISABLEDKey Slot 7: DISABLED

If more than one key slot is enabled, perhaps someone else has a valid key ...?
- If so, that other passphrase/keyfile could be used to add a new key
  See: How to add a passphrase, key, or keyfile to an existing LUKS device
- If not, go to (B)
  See Also
  End-to-end encryption and guide on how it works | PreVeil

(B) Is the device still open?

If the system is still up and the device is currently opened (unlocked), root can use the master key to add a new key

(RHEL 5 caveat: root can extract the master key to a file; however, cryptsetup in RHEL 5 doesn't support reading the master key to add a new key. Instead, the disk itself will need to be closed and moved to a RHEL 6 or RHEL 7 machine [along with the master key file].)

Check for open crypt devices
This command will only show open maps to LUKS-encrypted devices
```
dmsetup ls --target crypt
```
Example:
```
[root]# dmsetup ls --target cryptvdc-decrypted (253, 2)luks-ec013cf7-ad72-4dcf-8a1e-0548016a3e2c (253, 1)
```
The first column is the map filename (<MAP>) without the /dev/mapper/ prefix
If no output is seen, go to (C)

Find desired open map in above output and make note of its name (<MAP>)
If system has only ever had one LUKS device, go to next step
If there are [or should be] multiple LUKS devices on system, use lsblk, findmnt, df, mount, or /etc/fstab to determine the right device

Examples:

[root]# mount | grep vdc/dev/mapper/vdc-decrypted on /opt type xfs (rw,relatime,seclabel,attr2,inode64,noquota)[root]# lsblk | grep -B1 luks-ec013cf7-ad72-4dcf-8a1e-0548016a3e2c└─vdb1 252:17 0 1023M 0 part └─luks-ec013cf7-ad72-4dcf-8a1e-0548016a3e2c 253:1 0 1021M 0 crypt /cryptstor[root]# lsblk /dev/vdcNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTvdc 252:32 0 2G 0 disk└─vdc-decrypted 253:2 0 2G 0 crypt /opt[root]# findmnt /dev/mapper/luks-ec013cf7-ad72-4dcf-8a1e-0548016a3e2cTARGET SOURCE FSTYPE OPTIONS/cryptstor /dev/mapper/luks-ec013cf7-ad72-4dcf-8a1e-0548016a3e2c ext4 rw,relatime,seclabel,data=ordered

Extract the LUKS master key and use it to add a new key
Be careful with the master key -- it allows full access to the device

dmsetup table <MAP> --showkeys

The master key is the hex string in the 5th column; however, to use it with cryptsetup luksAddkey <DEVICE> --master-key-file, it must be converted to binary

RHEL 6 and RHEL 7:
The master key can be extracted, converted to binary, and piped directly to luksAddKey with the following command

cryptsetup luksAddKey <DEVICE> --master-key-file <(dmsetup table --showkey /dev/mapper/<MAP> | awk '{print$5}' | xxd -r -p)

Example:

[root]# lsblk | grep -B1 luks-ec013cf7-ad72-4dcf-8a1e-0548016a3e2c└─vdb1 252:17 0 1023M 0 part └─luks-ec013cf7-ad72-4dcf-8a1e-0548016a3e2c 253:1 0 1021M 0 crypt /cryptstor[root]# cryptsetup luksAddKey /dev/vdb1 --master-key-file <(dmsetup table --showkey /dev/mapper/luks-ec013cf7-ad72-4dcf-8a1e-0548016a3e2c | awk '{print$5}' | xxd -r -p)Enter new passphrase for key slot:Verify passphrase:[root]# cryptsetup luksDump /dev/vdb1 | grep ENABLEDKey Slot 0: ENABLEDKey Slot 1: ENABLED

RHEL 5:
Save the key to a gpg-encrypted file for transfer to a RHEL 6 or RHEL 7 system where the final steps can be done

Example:

[root@rhel5]# dmsetup table --showkey vdb-open | awk '{print $5}'3c8e2d74f66d684547fdb0421cb3ced6[root@rhel5]# dmsetup table --showkey vdb-open | awk '{print $5}' | gpg -aco masterkey.gpg --force-mdc --cipher-algo aes256Enter passphrase:Repeat passphrase:[root@rhel5]# cat masterkey.gpg-----BEGIN PGP MESSAGE-----Version: GnuPG v1.4.5 (GNU/Linux)jA0ECQMClT4LaE+j9PNg0lYBM0QAV1jOEPVIZuEhOnB2iStT+51BTzMxlg99uu9LFmynvHQZ71M/0JXoEpBmEvJUXS0NB1deTCFfNb7BDGuYQZDKSCunQo/F0o2m1l5xZLq83BcDdg===p7Zd-----END PGP MESSAGE----- Transfer masterkey.gpg to RHEL 6/7 system. Make sure masterkey.gpg can be decrypted on other system.[root@rhel6]# gpg -d masterkey.gpggpg: AES256 encrypted datagpg: encrypted with 1 passphrase3c8e2d74f66d684547fdb0421cb3ced6 Once certain masterkey is intact on other system, close the LUKS device on the RHEL 5 system and move/migrate the disk to the new system.[root@rhel5]# cryptsetup luksClose vdb-open After that, add a new key using the decrypted master key.[root@rhel6]# blkid -t TYPE=crypto_LUKS -o device/dev/vdb[root@rhel6]# cryptsetup luksAddKey /dev/vdb --master-key-file <(gpg -d masterkey.gpg | xxd -r -p)gpg: AES256 encrypted datagpg: encrypted with 1 passphraseEnter new passphrase for key slot:Verify passphrase:[root@rhel6]# cryptsetup luksDump /dev/vdb | grep ENABLEDKey Slot 0: ENABLEDKey Slot 1: ENABLED After adding new key, close the device and move it back to the RHEL 5 system, if desired.

(C) None of that helped!

The whole point of encryption is to protect data. If there are no known keys and the device is not unlocked, the data is as good as gone.
Barring future discoveries of cryptographic weaknesses in the current LUKS/dm-crypt implementation and barring availability of advanced quantum computers, the only option likely within the realm of possibility is a brute-force dictionary attack, i.e., password-guessing.
The feasibility of a dictionary attack depends entirely on the mind that created the key(s), since LUKS allows enormous (512 characters in RHEL 7) plaintext passphrases, not to mention insanely large (8 MiB in RHEL 7) keyfiles [which can contain newlines or even arbitrary binary data].

Product(s)
Red Hat Enterprise Linux

Category
Troubleshoot

Tags
security
storage

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.