disk encryption
Robert Nichols
rnicholsNOSPAM at comcast.net
Fri Jan 15 15:58:04 UTC 2016
On 01/14/2016 08:40 PM, Jeffrey Ross wrote:
> I installed Fedora 23 on a Laptop a while back and I decided to use disk
> encryption. At this point I find the disk encryption to be more of a
> hindrance and would like to remove it.
>
> Am I correct that it may simply be easier to re-install the system
> rather than try to remove the encryption or is there an easy way to
> remove it?
It can be done, but you'd damned well better have a good backup since
any mistake or glitch will probably be fatal.
1. Determine the size of the LUKS header. (I'll use /dev/sda1 as the
encrypted partition -- yours may differ.)
cryptsetup luksDump /dev/sda1 | grep "Payload offset"
That offset is the number of 512-byte sectors, probably 4096. If
different, replace "4096" with the correct number in everything
that follows.
2. Unlock the partition:
cryptsetup luksOpen /dev/sda1 mysource
3. Copy the decrypted data directly back to the partition at the
correct offset (4096 sectors assumed here):
dd if=/dev/mapper/mysource bs=$((4096*512)) of=/dev/sda1 seek=1
4. Adjust the partition table to add 4096 sectors to the starting
LBA for sda1 without moving the ending LBA.
5. Zero out the LUKS header:
dd if=/dev/zero bs=$((4096*512)) count=1 of=/dev/sda1
6. Make adjustments to /etc/fstab and any GRUB references to the
formerly encrypted partition.
7. Say a prayer and boot your system.
Oh yes, it's absolute necessary to do this from some recovery media
with the partition unmounted.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
More information about the users
mailing list