How to mount an old encrypted disk on Ubuntu

I've got an old hard disk, containing an encrypted partition with a file system on it. It was created (and used) several years ago, the way it was done back then was using losetup with the twofish encryption (via kernel module loop_fish2) and then mounting the loop device prepared this way.

Nowadays this is not possible out of the box anymore. The kernel module is not part of the distributions, etc.

Does anybody know a way how to achieve my goal?

EDIT:

I found some hints in this cryptsetup manpage to use it with the options --cipher twofish-cbc-null -s 256 -h sha512 but I get a rather surprising error message:

$ sudo cryptsetup --cipher twofish-cbc-null  -s  256 -h sha512 luksOpen /dev/sdd1 dm0
Usage: cryptsetup [-?vyrq] [-?|--help] [--usage] [--version] [-v|--verbose] [--debug]
    [-c|--cipher=STRING] [-h|--hash=STRING] [-y|--verify-passphrase] [-d|--key-file=STRING]
    [--master-key-file=STRING] [--dump-master-key] [-s|--key-size=BITS]
    [-l|--keyfile-size=bytes] [--new-keyfile-size=bytes] [-S|--key-slot=INT]
    [-b|--size=SECTORS] [-o|--offset=SECTORS] [-p|--skip=SECTORS] [-r|--readonly]
    [-i|--iter-time=msecs] [-q|--batch-mode] [-t|--timeout=secs] [-T|--tries=INT]
    [--align-payload=SECTORS] [--header-backup-file=STRING] [--use-random] [--use-urandom]
    [--shared] [--uuid=STRING] [--allow-discards] [--header=STRING]
    [OPTION...] <action> <action-specific>]
cryptsetup: Option --key-size is allowed only for luksFormat, create and loopaesOpen.
To limit read from keyfile use --keyfile-size=(bytes).

An explanation or workaround or any other help on that would also be appreciated :-}

Alfe

Posted 2013-03-08T22:29:42.707

Reputation: 263

1Couldn't you just recreate what you used to encrypt it and then take the decrypted files and copy them over to the regular drive – Griffin – 2013-03-08T22:35:12.357

That would mean to set up an old SuSE from around 2007 or so (I'm not sure anymore from when this was, could be some years more or less). That doesn't sound easy. I hoped to be able to mount that thing on a modern ubuntu. – Alfe – 2013-03-08T22:50:15.987

The only way this would work is if you will to find a distro that supports this module or add the support yourself. – Ramhound – 2013-03-08T23:40:21.830

I hope there is a workaround using cryptsetup (8) or the kernel module cryptoloop; documentation of those sometimes mention a support for an obsolete loop_fish2. – Alfe – 2013-03-08T23:47:54.090

Answers

I found a solution:

losetup /dev/loop1 /dev/sdb1 
cryptsetup --hash ripemd160:20 --cipher twofish-cbc-null --key-size 192 create secret_img /dev/loop1
mount /dev/mapper/secret_img /media/mountpoint

I reactivated an old laptop with Ubuntu 8.04 installed on which I solved this issue once, with the help of the Internet back then. Apparently the Internet did not keep the information on how to solve this long enough, so I was lucky to have that old hardware still up and running :) And the code still works on a current Ubuntu 12.04.

Alfe

Posted 2013-03-08T22:29:42.707

Reputation: 263

1You helped me to read one old backup disk from 2008. There's no need for losetup, as it only creates block devices from files. And with disk usb adapter, the old Ubuntu 8.04 can be installed into VMWare. – Petr – 2016-04-12T11:05:09.437

These commands work with newest Ubuntu 16.04 for disk created with default cryptsetup values on Ubuntu 8.04:

cryptsetup open /dev/sdb1 usbdisk --type plain -c aes-cbc-plain
mount /dev/mapper/usbdisk /mnt

Removing:

umount /mnt
cryptsetup close usbdisk

Petr

Posted 2013-03-08T22:29:42.707

Reputation: 140

Thanks for the info, but I guess that won't fit my old disk which was encrypted using stuff like loop_fish2 ;-) – Alfe – 2016-04-12T13:32:04.737

2Sure. That answer is just "for the record" in case someone with the similar problem ends here (just like me). – Petr – 2016-04-12T13:37:56.213

For those encrypted with aes128 (or with a combination of loopaes.sh and hashalot), the following needs to be used instead of loopaes.sh:

cryptsetup open _path_to_device_or_file_ SOME_NAME  --type plain  -c aes -s 128 -h sha256

mount /dev/mapper/SOME_NAME /media/new_mount_point/

Example:

cryptsetup open /dev/sdb1 secret_img  --type plain  -c aes -s 128 -h sha256

mount /dev/mapper/secret_img /media/mountpoint

VanagaS

Posted 2013-03-08T22:29:42.707

Reputation: 151