dislocker works with password but fails with recovery key when FIPS is activated

[romanoju]

Have a strange situation. A disk partition bitlocked in windows (10) can be unlocked in windows with either the passkey or the recovery-key. However in ubuntu (3., it can be unlocked with the passkey but NOT with the recovery key.

#:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04.2 LTS Release: 12.04 Codename: precise

kernel: 3.16.7

Attached are the outputs (stdout) of both commands. One with a passkey (works) the other with the recovery-key (Fails). dislocker-pwd-falcon.log dislocker-recoverykey-falcon.log

Any ideas? Has anybody seen this?

[romanoju]

"Have a strange situation. A disk partition bitlocked in windows (10) can be unlocked in windows with either the passkey or the recovery-key. However in ubuntu (3., it can be unlocked with the passkey but NOT with the recovery key." I just found out that the user who encrypted the drive in WIndows 10 may have enabled FIPS. Not sure if this is the problem. Does dislocker support FIPS-enabled bitlocker drives? If so, what is the procedure to recover such drives?

[romanoju]

Yes. Ubuntu 12.04.2.LTS

From: superbonaci [mailto:[email protected]] Sent: Tuesday, April 17, 2018 1:57 AM To: Aorimn/dislocker Cc: Juan Romano; Author Subject: Re: [Aorimn/dislocker] dislocker works with password but fails with recovery key (#141)

Running ubuntu 2012?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/Aorimn/dislocker/issues/141#issuecomment-381907882, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AklixT_Y1kCBMpx_-VV9eMx_63WeiFY-ks5tpa5DgaJpZM4TUWPV.

[Aorimn]

I don't think I ever tested FIPS-enabled bitlocker drives, so I don't have any information about the support or not of this feature.

[thinrope]

Well, it may be Windows release version dependent... https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-fipssupport

[Aorimn]

That indeed confirms the issue, thanks @thinrope !

@romanoju: I've edited the issue's subject to reflect the real problem, I hope you don't mind. This is indeed a limitation in dislocker right now.

[romanoju]

That’s fine. Thanks.

From: Aorimn [mailto:[email protected]] Sent: Wednesday, May 16, 2018 11:38 PM To: Aorimn/dislocker Cc: Juan Romano; Mention Subject: Re: [Aorimn/dislocker] dislocker works with password but fails with recovery key when FIPS is activated (#141)

That indeed confirms the issue, thanks @thinropehttps://github.com/thinrope !

@romanojuhttps://github.com/romanoju: I've edited the issue's subject to reflect the real problem, I hope you don't mind. This is indeed a limitation in dislocker right now.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Aorimn/dislocker/issues/141#issuecomment-389760789, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AklixaKZxv6Ay1aeKmIlQKrjeL7j-qDNks5tzRrRgaJpZM4TUWPV.

[eddiek2000]

Son of a gun. This is the same problem I had. Any work towards supporting the FIPS enabled bitlocker?

See Unlocking via Recovery Key #108

[Aorimn]

There's no work done toward this goal right now.

[opoplawski]

This would be very helpful for us - do we even know where to start on this?

[bf]

This still remains an issue, and I'd be willing to work on it. Any pointers where to start?