<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<font size="2" face="Courier 10 Pitch">Hi guys.<br>
<br>
I know this is most likely not best suited question for this list,
but I'm hoping some experts might be able to help.<br>
<br>
I have a LUKS device which had keyslot with pass-phrase removed
and token for TPM keyslot removed too - I think this is the case,
for none of my passphrase works and device is as below:<br>
<br>
I hope there is a way to save & bring it back to live - device
is open right now and I've access to filesystem, obviously goal
would be to avoid re-format/crypt.<br>
<br>
Would it be needed to create a new token for that TPM keyslot - if
it's tpm - with _systemd-cryptenroll_ or any other way?<br>
<br>
-> $ cryptsetup luksDump /dev/nvme0n1p3<br>
LUKS header information<br>
Version: 2<br>
Epoch: 83<br>
Metadata area: 16384 [bytes]<br>
Keyslots area: 16744448 [bytes]<br>
UUID: 3a879268-84fd-4b48-a5d4-960cccb0caa9<br>
Label: (no label)<br>
Subsystem: (no subsystem)<br>
Flags: (no flags)<br>
<br>
Data segments:<br>
0: crypt<br>
offset: 16777216 [bytes]<br>
length: (whole device)<br>
cipher: aes-xts-plain64<br>
sector: 512 [bytes]<br>
<br>
Keyslots:<br>
1: luks2<br>
Key: 512 bits<br>
Priority: normal<br>
Cipher: aes-xts-plain64<br>
Cipher key: 512 bits<br>
PBKDF: pbkdf2<br>
Hash: sha512<br>
Iterations: 1000<br>
Salt: a4 5b 6b cc a8 f1 6b e8 b7 3b e2 3d ca 8d 43 fb <br>
10 52 62 b9 99 45 70 16 bd e1 0f 7a 6c 7f 3d 11 <br>
AF stripes: 4000<br>
AF hash: sha512<br>
Area offset:290816 [bytes]<br>
Area length:258048 [bytes]<br>
Digest ID: 0<br>
Tokens:<br>
Digests:<br>
0: pbkdf2<br>
Hash: sha256<br>
Iterations: 183317<br>
Salt: ef 56 aa 59 c2 64 66 c7 49 57 31 4b a7 7d 00 3c <br>
fe 00 89 2e b9 e9 da bc 69 1d 19 59 96 a9 27 aa <br>
Digest: 79 aa 0c 8a 29 64 9c 83 bb 5a f8 5c b5 c6 b0 9c <br>
5e 54 80 49 bd 21 f6 b4 5b 49 65 39 bd 6f 5f 20 <br>
<br>
</font>
</body>
</html>