Greetings to all. When installing Kali, Linux encrypted the partition headers and decided to experiment with deleting them and then restoring them. I’ll describe step by step how I did everything:
Since the modern version of cryptsetup no longer supports the luksAddNuke function for adding a password to self-destruct headers, I installed an analog patch from the Kali Linux repositories
apt install cryptsetup-nuke-password
Next, I set the password to self-destruct the headers and confirmed it
dpkg-reconfigure cryptsetup-nuke-password
Then I made a backup copy of the LUKS headers and encrypted it
cryptsetup luksHeaderBackup /dev/sda5 --header-backup-file luksheader.back
openssl enc -aes-256-cbc -salt -pbkdf2 -iter 10000 -in luksheader.back -out luksheader.back.enc
After that, I transferred two files (luksheader.back, luksheader.back.enc) to a USB flash drive and entered the nuke password when the system rebooted
After that, I was no longer able to log in with the correct header decryption password
Next, I booted up using Kali-live and I transferred two of my files from a USB flash drive to the Home folder
Next, I decrypted the backup and used the command to restore the headers
openssl enc -d -aes-256-cbc -pbkdf2 -iter 10000 -in luksheader.back.enc -out luksheader.back
cryptsetup luksHeaderRestore /dev/sda5 --header-backup-file luksheader.back
After that, I checked the status of the headers
cryptsetup luksDump /dev/sda5
But keyslots are still unavailable!!!
I tried simpler backup encryption methods, I also tried without backup encryption at all, I tried not to use a USB flash drive, but to create these files on another hard drive, which was then available to me in the Kali-live system, but the result is exactly the same.
Please tell me, what mistakes did I make that didn’t work out? Maybe it’s just a patch that doesn’t provide the ability to restore headers, or it just doesn’t work with this version of cryptsetup. If the patch doesn’t work, maybe there are analogues of the nuke function? if so, tell me how I can solve this problem. Thank you in advance for your reply!