Some years ago I created an encrypted partition on an external drive. Recently the controller seems to have died and I tried a data recovery using Testdisk. There is one NTFS partition which I could recover. In Testdisk I can even see the LUKS partition as 2 partitions: one I can recognize as the LUKS header and the other seems to be some other partition that starts where hte LUKS header starts and end where the disk ends:
estDisk 7.1, Data Recovery Utility, July 2019
Christophe GRENIER <firstname.lastname@example.org>
Disk /dev/sdb - 4000 GB / 3726 GiB - CHS 486401 255 63
Partition Start End Size in sectors
>* HPFS - NTFS 0 32 33 269464 5 45 4328937472 [Externe]
D Linux 269464 5 46 269464 70 46 4096
D Linux 269464 5 46 486397 33 36 3485030400
Question for me is,: How to recover this partition? It seems the data is there but how do I set up the partitions? Do I recover both? Only the first one?
gparted told me there is an issue with overlapping partitions. I thought it is because the NTSF partition ends on the same cylinder the LUKS partition starts but have since learned that it is supposed to be like that. gparted recognises the NTFS partition but sees the LUKS partition as unknown.
It’s very unusual that the LUKS header is in its own partition, perhaps the partition table got altered by some tool.
Post the output of lsblk -f and sudo blkid for that external disc.
Goal is to try address that header partition in the cryptsetup command separately, e.g.:
sudo cryptsetup open /dev/sdb3 my_crypt_part --header /dev/sdb2
So, it’s one partition we look at, /dev/sdb2 in above output. cryptsetup will not recognise it like this anymore, no. A luks partition entry would have partition “TYPE=crypto LUKS” listed in both, lsblk and blkid.
Whatever you do now, don’t attach the disc while Windows is booted and ideally turn off Linux automount or change it to read-only for the external disc sdb.
I suppose this is after gparted’s “correction” of overlap you mentioned earlier. How did you try to restore it? What command did you run?
Does testdisc still recognise two Linux partitions like in your OP? If yes, we should try to write the supposedly header into a separate file (somewhere on sda) and see if cryptsetup recognises it as a --header.