agherzan / yubikey-full-disk-encryption

Use YubiKey to unlock a LUKS partition
Apache License 2.0

Restore my laptop #93

Closed mhdali closed 2 years ago

mhdali commented 2 years ago

Hello, Thanks for any advice/help in advance!

TL;DR: I accidentally overwrote my Yubikey slot “2” (using ykpersonalize), and my laptop now fails to decrypt my volume.

I have 2 devices that are already encrypted.

  1. Laptop, Archlinux, LVM volume encrypted using LUKS, and I configured Yubikey for 2FA to decrypt the volume.
  2. Desktop, Debian, LVM encrypted using LUKS and decryption is using passphrase key.

Yesterday, I was trying to add Yubikey to my desktop for 2FA (while keeping the passphrase as key slot 0, for backup). I ran the ykpersonalize command, which overwrote the existing key that I was using for my laptop, thinking that my laptop had a passphrase as backup too. However, this morning, when I was trying to log in to my laptop, I couldn’t decrypt the volume, and every time I entered the Yubikey passphrase, it just responded:

FAILED! [2] No key available with this passphrase.

When running cryptsetup luksDump <LVM_physical_volume> it just shows that I only have one key slot.

Is there anything I can do to restore my Yubikey to work on my laptop?

Thanks

Vincent43 commented 2 years ago

I'm afraid it's not possible to recover the yubikey secret; otherwise it would be a fatal flaw in yubikey security. We warn about this in the readme. I hope you have a backup of the lost data.

Did you decrypt your laptop with the yubikey from the beginning, at the time you created the LUKS container, or did you add it some time afterwards? In the latter case, if you had some backup of the original disk image, then you could restore the old LUKS header in place of the current one.

agherzan commented 2 years ago

Indeed, a header backup would be of use here. I hope you'll be able to restore your data.

Closing this issue.
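
The following is an added example, not part of the thread or of the project's code: a pre-flight check to run before reprogramming a YubiKey slot with ykpersonalize. It parses `cryptsetup luksDump` output, refuses to proceed when only one keyslot exists (the situation reported above), and otherwise saves a header backup; the function names and the sample dump text are constructed for illustration.

```shell
#!/bin/sh
# Added example: run before reprogramming a YubiKey slot with ykpersonalize.

# Count active keyslots in `cryptsetup luksDump` text read from stdin.
# LUKS1 prints "Key Slot N: ENABLED"; LUKS2 lists "  N: luks2" under "Keyslots:".
count_keyslots() {
    awk '
        /^Key Slot [0-9]+: ENABLED/  { n++; next }        # LUKS1 entry
        /^Keyslots:/                 { in_ks = 1; next }  # LUKS2 section starts
        /^[^ \t]/                    { in_ks = 0 }        # next top-level heading ends it
        in_ks && /^  [0-9]+: luks2/  { n++ }              # LUKS2 entry
        END                          { print n + 0 }
    '
}

# Succeeds only when a second keyslot exists to fall back on.
has_fallback_keyslot() {
    [ "$(count_keyslots)" -ge 2 ]
}

# Refuse to continue with a single keyslot; otherwise save the LUKS header.
# $1 = LUKS device, $2 = header backup file (both chosen by the caller).
preflight() {
    dump=$(cryptsetup luksDump "$1") || return 2
    if ! printf '%s\n' "$dump" | has_fallback_keyslot; then
        echo "only one keyslot on $1: enroll a backup passphrase first" >&2
        return 1
    fi
    cryptsetup luksHeaderBackup "$1" --header-backup-file "$2"
}

# Constructed, abbreviated luksDump output (not taken from the thread).
SAMPLE_ONE_SLOT='LUKS header information
Version:        2
Keyslots area:  16744448 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
Tokens:
Digests:
  0: pbkdf2'

SAMPLE_LUKS1='Key Slot 0: ENABLED
Key Slot 1: ENABLED
Key Slot 2: DISABLED'
```

On a real system, `preflight` needs root and the header backup file should be stored somewhere other than the encrypted disk.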