how to create LUKS header backup and restore it on ubuntu

Aug 30, 2020

#How To#Backup
how to create LUKS header backup and restore it on ubuntu

Learn how to create LUKS header backup and restore it in case of emergency.

LUKS is a standard method on Linux based system for protecting data and disk, especially on mobile devices such as Linux laptop.

Display LUKS header information.

$ sudo cryptsetup luksDump /dev/sdb1 


LUKS header information for /dev/sdb1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        256
MK digest:      eb 33 45 89 95 2b 67 dd 65 6d 17 d3 ed 7d 05 c4 84 58 5f fc 
MK salt:        b7 0b c3 96 0e ab 70 1b f0 28 9f 39 63 a4 37 95 
                16 e0 61 e6 98 ab fc c1 18 db 1a 36 bc 00 bd 13 
MK iterations:  151879
UUID:           ac32a865-2716-43e3-8db9-798d4279a3a3

Key Slot 0: ENABLED
        Iterations:             2430070
        Salt:                   10 a5 7d 29 c8 7f 21 d8 15 ca 42 08 01 a5 79 0c 
                                d4 d7 5b 87 c3 14 cc 33 75 ec ec ba 71 26 8c 67 
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Create LUKS header backup.

$ sudo cryptsetup luksHeaderBackup /dev/sdb1 --header-backup-file luks_backup_sdb1

Display backup information.

$ sudo file luks_backup_sdb1 


luks_backup_sdb1: LUKS encrypted file, ver 1 [aes, xts-plain64, sha256] UUID: ac32a865-2716-43e3-8db9-798d4279a3a3


$ sudo stat luks_backup_sdb1 


  File: luks_backup_sdb1
  Size: 1052672         Blocks: 2056       IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 13243082    Links: 1
Access: (0400/-r--------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2018-12-11 23:35:17.003130528 +0100
Modify: 2018-12-11 23:35:00.183111603 +0100
Change: 2018-12-11 23:35:00.183111603 +0100
 Birth: -

Display stored LUKS header information.

$ sudo cryptsetup luksDump luks_backup_sdb1


LUKS header information for luks_backup_sdb1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        256
MK digest:      eb 33 45 89 95 2b 67 dd 65 6d 17 d3 ed 7d 05 c4 84 58 5f fc
MK salt:        b7 0b c3 96 0e ab 70 1b f0 28 9f 39 63 a4 37 95
                16 e0 61 e6 98 ab fc c1 18 db 1a 36 bc 00 bd 13
MK iterations:  151879
UUID:           ac32a865-2716-43e3-8db9-798d4279a3a3

Key Slot 0: ENABLED
        Iterations:             2430070
        Salt:                   10 a5 7d 29 c8 7f 21 d8 15 ca 42 08 01 a5 79 0c
                                d4 d7 5b 87 c3 14 cc 33 75 ec ec ba 71 26 8c 67
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Restore LUKS header information.

$ sudo cryptsetup luksHeaderRestore /dev/sdb1 --header-backup-file luks_backup_sdb1


WARNING!
========
Device /dev/sdb1 already contains LUKS header. Replacing header will destroy existing keyslots.

Are you sure? (Type uppercase yes): YES

Store it securely as created LUKS header backup can be used to perform brute-force attack.

Comments

How to set up automatic security updates for Ubuntu

How to Setup ModSecurity on Ubuntu 18.04

How to Setup ModSecurity on Ubuntu 18.04

Jun 13, 2020

This tutorial explains how to install and configure ModSecurity on Apache web servers.

#How To

How to use the classic Unity Desktop in Ubuntu 20.04

May 18, 2020

Although Canonical dropped the Ubuntu Unity desktop in 18.04, it is still available in the new version of Ubuntu 20.04, and the company still makes it available to anyone who likes to use it.

#How To#Desktop

About

Mar 29, 2020

Ubuntu Club is A curated list of Tips, and Tricks for Using Ubuntu.