How to mount and de-encrypt a LUKS encrypted partition to recover files

encryption data-recovery luks
42,243

To recover your files you will first need to open your LUKS container. This will make your LVM logical volumes accessible. Then, you can mount the appropriate logical volume to gain access to the files. I'll assume that once you have access to the files you'll know what to do.

Opening the LUKS container

To open the LUKS container run: sudo cryptsetup open /dev/sda3 luksrecoverytarget --type luks

Assuming you enter a valid passphrase, you'll now have the block device /dev/mapper/luksrecoverytarget; it's actually a symlink, but you can ignore that detail. That block device contains your LVM volume group. Next you need to determine which logical volume to mount.

Find the correct logical volume

Upon opening the LUKS container your OS should have scanned for LVM logical volumes. If not you can run sudo vgscan to get things synced up. To get a list of logical volumes run sudo lvdisplay. You'll see a list of one or more logical volumes. Hopefully you'll be able to tell which one you want to recover by looking at the LV Path.

Mount the logical volume

Once you know which logical volume to mount run:

sudo mkdir /mnt/recoverytarget
sudo mount LV_PATH_GOES_HERE /mnt/recoverytarget

Now you may do as you wish with the files.

Clean up

Once you're done, you should unmount the filesystem and close the LUKS container:

sudo umount /mnt/recoverytarget
sudo cryptsetup close luksrecoverytarget
Share:
42,243
Christen Edmundson
Author by

Christen Edmundson

I'm a young graphic and user interface designer, as well as a tech nerd on the side. I just finished migrating to Linux as my daily driver OS (for devices that run a desktop style operating system), and I use android as my mobile OS. I also happen to be transgender.

Updated on September 18, 2022

Comments

  • Christen Edmundson
    Christen Edmundson over 1 year

    I'm trying to recover my files from a now broken Antergos install, and have run into trouble because the user/non-boot partition is encrypted with LUKS encryption.

    I'm booting from an Ubuntu 18.04 bootable USB drive so I can backup the directories where I had data I wanted, and didn't realize it was encrypted until I went to go view the partition in the file explorer, and it didn't show up. It was suggested to me that it may not be mounted, and after looking at GParted it's clear that that was the problem, and it seems like it wasn't mounted because it's encrypted (prior experiences with backing up before reinstalling or switching distros never involved any problems with the partition I was recovering files from not being mounted).

    As some additional information:

    1. I have the password that was required in order to boot and get to the greeter. I'm operating under the assumption that that's my encryption key, but I may be mistaken, I'm rather out of my depth here.
    2. The partition/volume in question is sda3 (not sure which is the correct term) and in addition to being encrypted it uses LVM. I'm not sure how that impacts things, but the impression I've gotten from the reading I've been doing to try and resolve this seems to suggest that it matters Screenshot of GParted's details regarding sda3
    3. I initially tried to mount the partition via the command line trying two different methods, and both returned different errors. Unfortunately I let my computer die because I walked away from my computer for a while before trying again, and I can't find any of the pages I was referencing and attempting to follow along with, or commands I tried, or errors I got back. The error I can provide is that when I tried to follow this guide the command: "cryptsetup luksOpen /dev/sda3/ recoverytarget" returned: "Device /dev/sda3/ doesn't exist or access denied." I assume that I need to mount the partition before I can de-encrypt it, but again I may be mistaken Guide I was following and the terminal where I was following along

    it's been a while since I worked on any of my Linux machines, and I'm not the most technically competent or linux experienced person in the world, so please forgive any instances where it's painfully clear I don't understand something

    EDIT/UPDATE: The error I was getting was because I wasn't running the command with sudo in front, so now I officially feel stupid, but I'm now running into a different problem where "sudo mkdir /mnt/recoverytarget && mount /dev/mapper/recoverytarget /mnt/recoverytarget" returns: "mount: only root can do that"

    • G-Man Says 'Reinstate Monica'
      G-Man Says 'Reinstate Monica' almost 6 years
      Try the command(s) with /dev/sda3, without the / at the end.
    • Christen Edmundson
      Christen Edmundson almost 6 years
      turns out the problem described in the post initially was a result of the omission of sudo, rather than the usage of /
    • AlexP
      AlexP almost 6 years
      That's obviously sudo mount, because only root can do that.
    • roaima
      roaima almost 6 years
      I'd suggest you get yourself a root shell and (very carefully) use that instead of having to remember to prefix everything with sudo. The command sudo -s will get you one of those.
  • Mikolasan
    Mikolasan about 3 years
    You might need to activate a volume group before you will be able to mount any volume from it: sudo vgchange -ay VG_NAME_GOES_HERE.
  • Jari Turkia
    Jari Turkia almost 3 years
    Also before closing vgchange -an is required.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to remove LUKS encryption?
"No key available with this passphrase" with a newly-created DM-CRYPT / LUKS partition
How do I move/home folder to a luks encrypted external drive?
Won't boot (drop to busybox) after kernel upgrade (with encrypted disks)
"Guided - use entire disk and set up encrypted LVM" LUKS or plain dm-crypt?
Recover data from formatted LVM (Luks, Ext3) after Ubuntu installed over it
Ecrypfts to LUKS on ext4 partition
How do I get Grub2 to boot a Truecrypt-encrypted MBR?
How to recover data from old encrypted hard drive?
LUKS hdd encryption: Maximum maximum password length?