How To Backup And Restore LUKS Encrypted Zorin OS drive's headers?

Hello,
When installing zorin os I had selected the encrypt option. Everything works fine but about 2-3 days ago due to power failure my laptop (after running on battery) shut downed abruptly. I have heard that if the disk of the system is encrypted, then this happening may cause the headers to go corrupt and I won’t be able to unlock my system. Personally I have experience of this happening in many other encryption programs too (once the headers go corrupt, then the correct password won’t work)

Any way to backup the headers so if that happens I can restore them?
and how to restore them if I have to :confused:

Thanks.

I found this on Google about backup and restore LUKS headers. Hope it helps?

In the Duping up LUKS headers step, I am getting confused in this part:
sudo cryptsetup luksDump /dev/DEVICE
sudo cryptsetup luksDump /dev/sdb2
sudo cryptsetup luksDump /dev/md1

From sudo dmsetup ls --target crypt, I came to know that my encrypted ssd is sda5_crypt

I replaced DEVICE with sda5 and it worked, but since that is the only drive, from which I have to backup the header I want to know what to do with sdb2 (which will be mine equivalent?). The same with md1 too.

Here, it says that I need these 3 backups:

To recover data from encrypted file/volumes backup the following files

/etc/fstab file
/etc/crypttab file
LUKS header

Are these 3 files, the rest of the files (sdb2, md1 etc) mentioned here?
If yes then how to find the equivalent for my system?

Or is just backing up headers of sda5 only is enough?

So I have a disk /dev/sda with an encrypted partition /dev/sda/data and it’s mounted as /data.

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 465.8G 0 disk
└─data 253:0 0 465.8G 0 crypt /data

Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/data ext4 458G 3.1G 432G 1% /data

To backup the LUKS headers I run (as root)

cryptsetup luksHeaderBackup /dev/sda --header-backup-file data-backup.bin

To restore the header I unmount the disk and run

cryptsetup luksHeaderRestore /dev/sda --header-backup-file data-backup.bin

I think the article tries to be too helpful and show too many examples. If they’d stuck to a specific device name and shown you how to find your device name it would have been easier to understand.

2 Likes

Simplicity is always the best, thanks :slight_smile: