I've an image backup file of my harddisk, which consists of three partitions (sudo fdisk -l /mnt/hdd/19_02.img):
Device Start End Sectors Size Type
/mnt/hdd/19_02.img1 2048 1050623 1048576 512M EFI System
/mnt/hdd/19_02.img2 1050624 34686975 33636352 16G Linux swap
/mnt/hdd/19_02.img3 34686976 976773134 942086159 449.2G Linux filesystem
The third partition is of type crypto_LUKS. If it weren't encrypted I could mount it with sudo mount -o loop,offset=$(expr 512 \* 34686976) /mnt/hdd/19_02.img /mnt/img, which results in mount: /mnt/img: unknown filesystem type 'crypto_LUKS'.
What I've tried
sudo cryptsetup luksOpen /mnt/hdd/19_02.img3 img
results in Device /mnt/hdd/19_02.img3 doesn't exist or access denied.
sudo cryptsetup plainOpen --offset=$(expr 512 \* 34686976) /mnt/hdd/19_02.img img
asks for my passphrase which also gets accepted, but returns with Requested offset is beyond real size of device /mnt/hdd/19_02.img.
Alright, maybe cryptsetup does multiply the offset value with the block size by itself.
sudo cryptsetup plainOpen --offset=34686976 /mnt/hdd/19_02.img img
asks for my passphrase which also gets accepted and returns fine. But sudo mount /dev/mapper/img /mnt/img complains mount: /mnt/img: wrong fs type, bad option, bad superblock on /dev/mapper/img. Analysing with sudo lsblk -f /dev/mapper/img shows there is no filesystem recognized.
NAME FSTYPE LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
img
The encrypted device was created in LUKS mode, so it probably doesn't make much sense to open it with plainOpen. But luksOpen doesn't offer an --offset option.
Doing sudo cryptsetup luksOpen --offset=34686976 /mnt/hdd/19_02.img img results in cryptsetup: Option --offset is supported only for open of plain and loopaes devices and for luksFormat. (I didn't try luksFormat, but it sets up the LUKS device header and encrypts the master-key.)
The question after all
How to do cryptsetup luksOpen with offset on an image file?
Best Answer
fdisk is being a bit stupid here: when displaying device names for the partitions, it just takes the name of the whole-disk device given to it, and appends the partition number (prefixed with p if the last character of the whole-disk device name is also a number). It does this without checking if a device by that name actually exists or not.
In other words, if your image file is named /mnt/hdd/19_02.img and you're using fdisk to examine it directly, then partition names like /mnt/hdd/19_02.img3 are completely fictional and unusable.
Instead of trying to calculate offsets manually, you could simply attach the image file into a loop device and have it automatically detect the partitions for you:
If your system is new enough to support the -P option for losetup, you should now have partition devices like /dev/loop0p1, /dev/loop0p2 and /dev/loop0p3 appearing automatically.
For older distributions with no partitioned loop device support, you can use the kpartx command (may come with the device-mapper-multipath tools if not packaged separately) for the same purpose. In that case, you'll have to perform two steps and the device names will be slightly different:
When using kpartx like this, the partition devices will appear under /dev/mapper, e.g. /dev/mapper/loop0p1 and so on.
Now you should be able to do either
or
depending on whether you used losetup -P or kpartx to handle the partition devices.
After you're done accessing the image, unmount any mounted filesystems on the partition devices, sudo cryptsetup luksClose the encrypted image, then undo the loop device binding:
If you used kpartx, first run sudo kpartx -d /dev/loop0 to release the partition devices. If you used losetup -P, this step is not needed.
Then, release the loop device: sudo losetup -d /dev/loop0.
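The losetup -P route described in the answer, written out as an added example that is not the answerer's own commands. The function names, the mapping name img and the read-only flags are assumptions of this example; luks_version_at runs without root and checks that the start sector reported by fdisk really begins with a LUKS header before anything is attached.

```shell
#!/bin/sh
# Added example; function names and read-only flags are this example's choices.

# Print the LUKS version (1 or 2) found at START_SECTOR of IMAGE, or return 1
# if the sector does not begin with the LUKS magic "LUKS\xba\xbe".
# Needs no root, so it can confirm the fdisk start sector before attaching.
luks_version_at() {
    image=$1 start=$2 sector_size=${3:-512}
    # 6-byte magic followed by a 2-byte big-endian version field.
    hdr=$(dd if="$image" bs="$sector_size" skip="$start" count=1 2>/dev/null |
          od -An -tx1 -N8 | tr -d ' \n')
    case $hdr in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Attach IMAGE with partition scanning (losetup -P), verify partition PARTNO
# is LUKS, and open it as /dev/mapper/NAME. Prints the loop device. Needs root.
# Everything is read-only so the backup image is never modified.
open_luks_partition() {
    image=$1 partno=$2 name=$3
    loopdev=$(losetup --find --show --partscan --read-only "$image") || return 1
    part="${loopdev}p${partno}"
    if cryptsetup isLuks "$part" &&
       cryptsetup open --type luks --readonly "$part" "$name"; then
        echo "$loopdev"
    else
        losetup -d "$loopdev"   # do not leave a stale loop device behind
        return 1
    fi
}

# Reverse of the above: close the mapping, then release the loop device.
close_luks_partition() {
    name=$1 loopdev=$2
    cryptsetup close "$name" && losetup -d "$loopdev"
}

# Example session (as root), using the question's image and partition 3:
#   luks_version_at /mnt/hdd/19_02.img 34686976
#   dev=$(open_luks_partition /mnt/hdd/19_02.img 3 img)
#   mount -o ro /dev/mapper/img /mnt/img
#   umount /mnt/img && close_luks_partition img "$dev"
```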