How to decrypt disk on Linux?

installation

#1

Bonjour,

I have chosen to encrypt the Hard Disk during installation. In order to increase partition, I need to decrypt the Hard Disk. So, my question is how to decrypt disk on Linux?
Do you have any idea?

Regards,

Le loup

Top


#2

From what I have just read elsewhere, it is not possible to unencrypt the drive without destroying the data on it. If that is correct, then you need to log in as usual, copy all of your personal data onto an external media. Then, shut down and reboot with a live USB. Once at the live desktop, open Gparted and completely delete all the encrypted partitions on the drive. Then reboot and reinstall your OS.

I may be wrong about this and there may be another way to unencrypt the drive without also losing the data. So, you should wait to see if anyone else has a solution


#3

Thank you for your message.
I ask myself the question differently. Can't we increase the size of the encrypted partition?


#4

Hi, it can be done depending on how the encryption is set up (idk exactly how Ubuntu handles it), but usually it is not worth the trouble unless you can't reinstall or are trying to test how to do it, especially because you also need a backup of the data before attempting this too. Here is an example using LVM in a LUKS encrypted device https://wiki.archlinux.org/index.php/Resizing_LVM-on-LUKS (as you can see it is a lengthy process even though the LVM steps might not apply to your setup)
You can check if the partition is encrypted with LUKS with the following command:
sudo cryptsetup isLuks /dev/sdaX ; echo $?
replacing a with the disk letter and X with the partition number. 0 would be yes 1 would be no.


#5

Bonjour Asta1986,
Thank you for your message and your help.
sudo cryptsetup isLuks /dev/sdaX ; echo $? delivered '$' So, I don't have any more information. Something is missing.
https://wiki.archlinux.org/index.php/Resizing_LVM-on-LUKS is an interesting site.
https://help.ubuntu.com/community/ResizeEncryptedPartitions is good as well.
These two articles gave to me some helps.
Regards,
Leloup


#6

You haven't mentioned whether it's the LUKS Encrypted LVM installation or not.
If you have LVM and you learn some LVM commands you probably won't need to resize your partition. Just allocate another partition in the same disk or even in another drive as an LVM physical volume. Then extend your volume group to include the new physical volume and extend your logical volume into it.

I'm a bit rusty on LVM right now to be honest, it's been a while since I last experimented with it, but it's well worth learning. But you're better of practicing with tutorials first on empty partitions in USB drives or something like that before you try doing anything with an installed operating system with data in it. (Back up your data first when you do too). But LVM is great and the reason why it's used is to make things easier for us.

I once had Ubuntu installed in one USB flash memory stick and extended it over three more sticks on a hub, and that was able to be down within the operating system while it was booted and running. Resizing smaller requires and auxilliary operating system though, or a Live CD or Live USB.
I do still have plenty of old notes, but I would need to run through some LVM commands again and practice again myself and refresh my memory to be able to give anybody any exact instructions.


#7

Bonjour Astra1986,

Ooops! I have forgotten the question mark (?). That works. It is fun.
Thank you
Leloup


#8

Bonjour Herman,

Thank you for your message.
I can enlarge the encrypted partition. That is OK.
Now I am trying to reduce an encrypted partition. I can't do it.
[email protected]:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 1.8G 1 loop /rofs
loop1 7:1 0 87.9M 1 loop /snap/core/5662
loop2 7:2 0 140.9M 1 loop /snap/gnome-3-26-1604/70
loop3 7:3 0 2.3M 1 loop /snap/gnome-calculator/238
loop4 7:4 0 13M 1 loop /snap/gnome-characters/124
loop5 7:5 0 14.5M 1 loop /snap/gnome-logs/45
loop6 7:6 0 3.7M 1 loop /snap/gnome-system-monitor/57
loop7 7:7 0 42.1M 1 loop /snap/gtk-common-themes/701
sda 8:0 0 36.1G 0 disk
├─sda1 8:1 0 731M 0 part
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 35.4G 0 part
sdb 8:16 1 14.5G 0 disk
└─sdb1 8:17 1 14.5G 0 part /media/ubuntu/ESD-USB
sr0 11:0 1 1.9G 0 rom /cdrom
[email protected]:~$ sudo cryptsetup isLuks /dev/sda5 ; echo $?
0
[email protected]:~$ sudo apt-get update && sudo apt-get install lvm2 cryptsetup
[email protected]:~$ sudo modprobe dm-crypt
[email protected]:~$ sudo vgscan --mknodes
[email protected]:~$ sudo vgchange -ay
[email protected]:~$ sudo cryptsetup luksOpen /dev/sda5 crypt1
Enter passphrase for /dev/sda5:
[email protected]:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 1.8G 1 loop /rofs
loop1 7:1 0 87.9M 1 loop /snap/core/5662
loop2 7:2 0 140.9M 1 loop /snap/gnome-3-26-1604/70
loop3 7:3 0 2.3M 1 loop /snap/gnome-calculator/238
loop4 7:4 0 13M 1 loop /snap/gnome-characters/124
loop5 7:5 0 14.5M 1 loop /snap/gnome-logs/45
loop6 7:6 0 3.7M 1 loop /snap/gnome-system-monitor/57
loop7 7:7 0 42.1M 1 loop /snap/gtk-common-themes/701
sda 8:0 0 36.1G 0 disk
├─sda1 8:1 0 731M 0 part
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 35.4G 0 part
└─crypt1 253:0 0 35.4G 0 crypt
├─mint--vg-root 253:1 0 31.4G 0 lvm
└─mint--vg-swap_1 253:2 0 4G 0 lvm
sdb 8:16 1 14.5G 0 disk
└─sdb1 8:17 1 14.5G 0 part /media/ubuntu/ESD-USB
sr0 11:0 1 1.9G 0 rom /cdrom
[email protected]:~$ sudo pvdisplay -m
--- Physical volume ---
PV Name /dev/mapper/crypt1
VG Name mint-vg
PV Size <35.41 GiB / not usable 2.00 MiB
Allocatable yes
PE Size 4.00 MiB
Total PE 9064
Free PE 5
Allocated PE 9059
PV UUID N6UtLS-GIbd-qf3o-V8s0-2dIa-Z7hM-fzdzKT

--- Physical Segments ---
Physical extent 0 to 8035:
Logical volume /dev/mint-vg/root
Logical extents 0 to 8035
Physical extent 8036 to 9058:
Logical volume /dev/mint-vg/swap_1
Logical extents 0 to 1022
Physical extent 9059 to 9063:
FREE
[email protected]:~$ sudo e2fsck -f /dev/mapper/mint--vg-root
e2fsck 1.44.4 (18-Aug-2018)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/mint--vg-root: 286480/2060352 files (0.1% non-contiguous), 1771505/8228864 blocks
[email protected]:~$ sudo resize2fs -p /dev/mapper/mint--vg-root 24g
resize2fs 1.44.4 (18-Aug-2018)
Resizing the filesystem on /dev/mapper/mint--vg-root to 6291456 (4k) blocks.
Begin pass 2 (max = 132335)
Relocating blocks XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Begin pass 3 (max = 252)
Scanning inode table XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Begin pass 4 (max = 23985)
Updating inode references XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The filesystem on /dev/mapper/mint--vg-root is now 6291456 (4k) blocks long.
[email protected]:~$ sudo e2fsck -f /dev/mapper/mint--vg-root
e2fsck 1.44.4 (18-Aug-2018)
Pass 1: Checking inodes, blocks, and sizes
Inode 79718 extent block passes checks, but checksum does not match extent
(logical block 12288, physical block 401916, len 944)
Fix? yes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/mint--vg-root: 286480/1569792 files (0.1% non-contiguous), 1739691/6291456 blocks
[email protected]:~$ sudo e2fsck -f /dev/mapper/mint--vg-root
e2fsck 1.44.4 (18-Aug-2018)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/mapper/mint--vg-root: 286480/1569792 files (0.1% non-contiguous), 1739691/6291456 blocks
[email protected]:~$ sudo pvdisplay -m
--- Physical volume ---
PV Name /dev/mapper/crypt1
VG Name mint-vg
PV Size <35.41 GiB / not usable 2.00 MiB
Allocatable yes
PE Size 4.00 MiB
Total PE 9064
Free PE 5
Allocated PE 9059
PV UUID N6UtLS-GIbd-qf3o-V8s0-2dIa-Z7hM-fzdzKT

--- Physical Segments ---
Physical extent 0 to 8035:
Logical volume /dev/mint-vg/root
Logical extents 0 to 8035
Physical extent 8036 to 9058:
Logical volume /dev/mint-vg/swap_1
Logical extents 0 to 1022
Physical extent 9059 to 9063:
FREE

[email protected]:~$ sudo lvreduce -L -10G /dev/mapper/mint--vg/root
WARNING: Reducing active logical volume to 21.39 GiB.
THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce mint-vg/root? [y/n]: y
Size of logical volume mint-vg/root changed from 31.39 GiB (8036 extents) to 21.39 GiB (5476 extents).
Logical volume mint-vg/root successfully resized.
[email protected]:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 1.8G 1 loop /rofs
loop1 7:1 0 87.9M 1 loop /snap/core/5662
loop2 7:2 0 140.9M 1 loop /snap/gnome-3-26-1604/70
loop3 7:3 0 2.3M 1 loop /snap/gnome-calculator/238
loop4 7:4 0 13M 1 loop /snap/gnome-characters/124
loop5 7:5 0 14.5M 1 loop /snap/gnome-logs/45
loop6 7:6 0 3.7M 1 loop /snap/gnome-system-monitor/57
loop7 7:7 0 42.1M 1 loop /snap/gtk-common-themes/701
sda 8:0 0 36.1G 0 disk
├─sda1 8:1 0 731M 0 part
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 35.4G 0 part
└─crypt1 253:0 0 35.4G 0 crypt
├─mint--vg-root 253:1 0 21.4G 0 lvm
└─mint--vg-swap_1 253:2 0 4G 0 lvm
sdb 8:16 1 14.5G 0 disk
└─sdb1 8:17 1 14.5G 0 part /media/ubuntu/ESD-USB
sr0 11:0 1 1.9G 0 rom /cdrom
[email protected]:~$ sudo e2fsck -f /dev/mapper/mint--vg-root
e2fsck 1.44.4 (18-Aug-2018)
The filesystem size (according to the superblock) is 6291456 blocks
The physical size of the device is 5607424 blocks
Either the superblock or the partition table is likely to be corrupt!
Abort? yes
[email protected]:~$ sudo pvdisplay -m
--- Physical volume ---
PV Name /dev/mapper/crypt1
VG Name mint-vg
PV Size <35.41 GiB / not usable 2.00 MiB
Allocatable yes
PE Size 4.00 MiB
Total PE 9064
Free PE 2565
Allocated PE 6499
PV UUID N6UtLS-GIbd-qf3o-V8s0-2dIa-Z7hM-fzdzKT

--- Physical Segments ---
Physical extent 0 to 5475:
Logical volume /dev/mint-vg/root
Logical extents 0 to 5475
Physical extent 5476 to 8035:
FREE
Physical extent 8036 to 9058:
Logical volume /dev/mint-vg/swap_1
Logical extents 0 to 1022
Physical extent 9059 to 9063:
FREE

[email protected]:~$ sudo pvresize --setphysicalvolumesize 24G /dev/mapper/crypt1
/dev/mapper/crypt1: Requested size 24.00 GiB is less than real size <35.41 GiB. Proceed? [y/n]: y
WARNING: /dev/mapper/crypt1: Pretending size is 50331648 not 74256384 sectors.
/dev/mapper/crypt1: cannot resize to 6143 extents as 6499 are allocated.
0 physical volume(s) resized / 1 physical volume(s) not resized
[email protected]:~$
Something is wrong....


#9

Hello Leloup

On the positive side, you have solved your own thread, 'Unlocking an Encrypted Volume'

 sudo apt-get update && sudo apt-get install lvm2 cryptsetup  
sudo modprobe dm-crypt 
sudo cryptsetup luksOpen /dev/sda5 crypt1

that's pretty good.

I am sorry to be so slow responding but it's not my fault, my internet cable was cut a few times and I'm in a remote area. It only takes them a second to cut the wire but then it takes them a week to travel back and fix it again. Then the next day the other tech cuts it again....

I have been running a few experiments of my own and refreshing my knowledge of LUKS and LVM and I have a couple of more things to add here which also pertain to the title of your thread.

To test a few things I installed of Ubuntu MATE 18.04.2 in a disk with LUKS and LVM, dual booting with my regular of Ubuntu MATE 18.04.2 operating system.
GRUB has a module called luks.mod as well as it's lvm.mod, and my other of Ubuntu MATE 18.04.2 installation's GRUB was able to boot the new encrypted installation without any problems. That's pretty cool I think. So there's another way of decrypting a LUKS volume.

Besides that, Ubuntu MATE 18.04.2 seems to come with lvm2 and cryptsetup already installed as standard, and I think it has for some time. To check that I booted back into the Live CD (USB) and started caja, (any directory), and went to computer:/// and double-clicked on the icon for the encrypted file system. A dialog box popped up asking for a LUKS passphrase to unlock the encrypted volume. So there is a third way of doing it.

As for your LVM adventures, just remember we have a file system inside a logical volume and the logical volume is in a volume group and the volume group is composed of physical volumes. LVM is a little bit like an egg inside an egg inside another egg basically. We can make an inner egg smaller than an outside egg but we can't make it larger or make the other egg smaller than what is inside it. If it helps, try making notes and drawing a diagram on paper, or use another computer with a spreadsheet.

We can add more physical volumes and extend the PV and then extend the VG and then extend out LVs. It's possible to run lvextend with the -r option if we have an ext file system, and that will cause the file system to be resized for us automatically. We can even do that from inside the running operating system.
With reducing, it's the opposite. We mostly would need to work from another operating system or a live CD or USB, and we would use lvreduce with the -r option for reducing the LV, and then reduce the VG, and finally the PV.

I am also having fun. I expanded my experimental LUKS LVM installation out over two other empty disks with empty partition tables to see for myself if it's true LVM doesn't need partitions, we can use entire disks. That worked fine, (as expected).

But then I tried to see if I could copy the separate /boot to a USB and delete the /boot partition and register the USB partition as /boot in /etc/fstab but something went wrong. I think an accident might have happened when I used GParted to delete /boot. GRUB is now saying it can't find the LUKS container anymore. I don't know if I'll bother trying to fix it this time. I might just re-install with LVM only and no encryption, it slows the OS down too much anyway. I just feel like playing around with LVM and I'll get back to investigating the capabilities of GRUB's luks.mod some other time.

Regards from Herman