My encrypted Synology volume crashed. What do I do first?
Power the NAS down now and do not click Repair in Storage Manager. On a degraded encrypted array, a rebuild can overwrite the LUKS header and destroy access permanently. DSM 7.2 uses AES-256-XTS block-level encryption (aes-xts-plain64). Recovery means imaging every drive, reconstructing the SHR/mdadm and LVM stack offline, and opening the LUKS container with your passphrase, your exported recovery key, or the wrapped master key extracted from the Encryption Key Vault on the system partition. Without one of those three, the data is mathematically unrecoverable. All work happens at our Austin, TX lab. Free evaluation, no data = no charge.
Synology Encrypted Volume Data Recovery
Your Synology is asking for a Recovery Key you cannot find, or an encrypted volume crashed and will not mount. Before you touch anything, power the unit down. We recover Synology DSM 7.2 LUKS volumes and legacy eCryptfs shared folders through Synology NAS data recovery built on member-by-member imaging and offline reconstruction. Every drive is cloned through a write-blocker before any analysis begins, and all work happens at our Austin, TX lab. Free evaluation, no data = no charge.
How Is a DSM 7.2 Encrypted Volume Actually Built?
A DSM 7.2 encrypted volume is a stack of standard Linux layers, with LUKS inserted between the logical volume and the filesystem. Synology does not write a filesystem to bare metal. Each layer can fail independently, and knowing which one failed determines whether recovery is a vanilla reassembly or a forensic decryption problem. None of these layers are proprietary black boxes.
- 1. Physical disks and partitions
- Every member drive is partitioned into
md0(DSM system, mirrored),md1(swap), andmd2and up (data). The Encryption Key Vault for local keys lives on the unencrypted md0 system partition, which is why a healthy or imageable md0 matters so much for recovery. - 2. mdadm software RAID
- The data partitions are combined into a Linux mdadm array. SHR is a management overlay on top of mdadm, not proprietary silicon: SHR-1 is a RAID 1 mirror on two drives or RAID 5 on three or more, and SHR-2 is RAID 6. A healthy array assembles on any Linux workstation with
mdadm --assemble --readonly. - 3. LVM logical volume
- The Storage Pool is an LVM volume group built on the mdadm device. Mixed-capacity SHR stacks several mdadm arrays across drive-size bands and joins them with LVM. The logical volume is activated on a workstation with
vgchange -ay. - 4. LUKS encryption layer (DSM 7.2)
- The logical volume is formatted as a LUKS container using
aes-xts-plain64with a 256-bit key. The LUKS header at the start of the volume stores the key-slot metadata and the encrypted master key. Inspecting it offline usescryptsetup luksDump. - 5. Btrfs or ext4 filesystem
- The filesystem is formatted inside the decrypted device-mapper payload. It is only reachable after the LUKS container is opened with the correct key, so an encryption failure looks identical to a filesystem failure from the DSM error message alone.
The recovery for an encrypted volume is the same SHR plus LVM plus filesystem workflow as an unencrypted Synology, with one LUKS decryption step inserted between LVM activation and the filesystem mount. That single step is also the one that has no software workaround when the key is gone.
What Is the Difference Between an Encrypted Shared Folder and Volume Encryption?
They are two different mechanisms at two different layers, and most recovery firms conflate them. Pre-DSM 7.2 shared-folder encryption uses eCryptfs at the file level on a plaintext volume. DSM 7.2 full-volume encryption uses LUKS at the block level, so the entire device is ciphertext. An upgraded NAS can hold both at once, so the first forensic job is identifying which one you are looking at.
| Attribute | eCryptfs (DSM 7.1 and earlier) | LUKS volume encryption (DSM 7.2+) |
|---|---|---|
| Layer | Stacked filesystem above Btrfs or ext4 | Block device between LVM and the filesystem |
| Scope | Individual files and filenames inside a shared folder | The entire logical volume as one ciphertext block device |
| On-disk signature | File-level entropy; an underlying plaintext directory tree is still visible | Block-level entropy; a LUKS header followed by high-entropy ciphertext |
| Key handling | Per-folder passphrase or key file unlocked at mount | Master key wrapped by the Encryption Key Vault; auto-mount uses a machine key |
| Notable limitation | Filename length capped at 143 characters | No key material means no access; the cipher cannot be bypassed |
A firm that markets a single fixed success rate for Synology recovery is usually carving an eCryptfs directory tree where the structure was visible, then implying the same applies to a LUKS volume where the whole block device is ciphertext. The two cases are not comparable.
Do You Need My Synology Encryption Key or Password?
Yes, in one form or another. DSM wraps the LUKS master key and stores it in an Encryption Key Vault so the volume can auto-mount at boot without you typing a passphrase every time. Recovery depends on getting an unwrapped master key from one of three sources, and the difference between having one and having none is the difference between a routine recovery and a mathematically dead volume.
- Where the local Key Vault lives
- For most prosumer setups the vault is stored locally on the unencrypted md0 system partition rather than on a remote KMIP server. If md0 is healthy or imageable, we can mount the RAID 1 system partition on a workstation and recover the wrapped key material from it.
- How the key is wrapped
- The LUKS master key is wrapped by a vault key. To allow auto-mount, DSM relies on a machine key held in the unit's internal flash rather than sealing the key to a hardware module. Synology DiskStation units do not use a hardware TPM for the vault. Even on models whose processor includes a firmware TPM, DSM does not bind the encryption keys to it, so the vault is software-wrapped and dependent on that internal flash.
- What we can do
- With the passphrase, the exported recovery key, or an extractable local Key Vault, we image every member, reassemble SHR/mdadm and LVM from the clones, open the LUKS container with
cryptsetup luksOpenagainst the recovered key, and extract Btrfs or ext4 normally. - What we cannot do
- Without any key source, there is no brute force, no manufacturer override, and no vendor backdoor. AES-256-XTS with a real key has a key space of 2 to the 256th power. That is not a hard problem we can throw hardware at; it is infeasible by a margin that does not shrink with time. When the key is gone, the answer is no.
Which Synology Encryption Keys Survive a Dead Chassis?
The single question that decides an encrypted recovery is which key artifact still exists, and the three artifacts DSM 7.2 uses do not fail the same way. Only the machine.key on the synoboot flash is bound to the chassis and dies with it. The wrapped key in the local Key Vault rides the md0 system partition, which is mirrored across the data drives, so it survives a dead chassis as long as those drives are imageable.
Only the exported recovery key can be stored off the NAS entirely, which makes it the survivability path you fully control. Healthy platters do not help when the chassis was reset or scrapped and no key path survived with the drives.
| Key artifact | Where it lives | What destroys it |
|---|---|---|
machine.key | The synoboot flash chip on /dev/synoboot; enables DSM auto-mount at boot | Factory reset, chassis swap, or scrapping the unit; bound to the hardware even when the data drives are intact |
.wkey | The wrapped master key inside the local Encryption Key Vault on the unencrypted md0 system partition | A corrupted or wiped system partition; recoverable only while md0 is healthy or imageable |
.rkey | The recovery key you exported at volume creation; the one artifact that can be stored off the NAS | Nothing on the unit; it is lost only if you never exported it or misplaced your own copy |
- Why the easy path is fragile
- The
machine.keyon/dev/synobootis what lets the volume auto-mount without you typing a passphrase. A factory reset, a chassis swap, or scrapping the unit destroys that auto-mount key path even when the data drives are physically intact, which severs the easy path and forces reliance on the recovery key you exported. Moving the drives to another body does not recreate a destroyed local key path, and a forced import or migration can overwrite the LUKS metadata you still need. - Local vault versus remote KMIP vault
- Most setups keep the Encryption Key Vault locally on the md0 system partition, so it shares the physical fate of your data drives rather than the chassis. A chassis swap kills the synoboot machine.key but leaves an intact md0 vault on the drives, which is the path we image and unwrap. DSM 7.2 also exposes a remote KMIP vault, where the wrapped key lives off the unit. A remote KMIP vault survives a chassis failure for that reason, but recovery then requires access to the KMIP server, meaning the KMIP database and valid client certificates. A severed KMIP connection blocks local auto-mount the same way a missing machine.key does.
- The only artifact under your control
- Because the
.rkeyis the one artifact that can live off the NAS, it is the survivability path you can guarantee in advance. If it was never exported and the on-unit key paths are gone, AES-256-XTS with no key is mathematically unrecoverable, the same honest limit that governs the rest of Synology NAS data recovery.
Why Is Rebuilding a Degraded Encrypted SHR Array Dangerous?
A rebuild on a degraded encrypted array can overwrite the LUKS header before you ever get to the decryption step, and it stresses already-marginal drives at the worst possible moment. The read load is the first reason. Consumer drives carry a worst-case rating of one unrecoverable read error per 10^14 bits read, roughly 12.5 TB of data. That is a warranty floor, not a schedule: most drives read far past it without a single URE. A rebuild that recalculates parity across a large array raises the probability of hitting a latent unreadable sector on a surviving member. Synology runs mdadm, which logs the bad LBA in its Bad Block Log and continues rather than dropping the whole array to failed, and SHR and Btrfs remap; but on a single-parity SHR-1 or RAID 5 that stripe has no second parity to reconstruct it, so it is permanently lost.
The second reason is specific to encryption. If the Synology controller writes recalculated parity over the start of the logical volume while the array is unstable, it can corrupt the LUKS header that holds the key-slot metadata and the encrypted master key. A damaged LUKS header makes the volume unrecoverable even when you still know the passphrase, which is why the first forensic step on any encrypted volume is cryptsetup luksHeaderBackup against a write-blocked image.
Shingled (SMR) member drives make this worse. During the sustained sequential writes of a rebuild, an SMR drive's internal cache zones overflow and the drive stalls for tens of seconds. The kernel reads that stall as a dead drive and ejects it mid-rebuild, crashing the array. The safe path is the same regardless of layout: image every member with ddrescue, PC-3000, or DeepSpar Disk Imager first, then recompute parity against the clones. The Synology Repair button is the wrong button when the volume is encrypted and a member is marginal.
Does Synology Storage Manager Repair Delete Encrypted Data?
Repair does not delete your files directly, but on a degraded encrypted array it can destroy your access to them, which amounts to the same loss. The UI presents Repair and Auto Repair as safe, automated fixes. What they actually trigger is a high-stress parity rebuild across surviving and often degrading disks, and as covered above, that rebuild can crash the array or write polluted parity over the LUKS header.
Moving the drives to a different Synology chassis carries the same class of risk. If the original crash was caused by metadata corruption rather than a dead power supply, the new unit will offer to Migrate or Repair the array. That rewrites the system partitions and attempts a forced import. When the import fails, DSM commonly offers a fresh install that overwrites the data partitions. The metadata you need for reconstruction is small and irreplaceable, and these workflows are exactly what overwrites it.
The safe response to a crashed encrypted volume is the same as for any Synology failure: power off, label each drive by its bay number, and avoid further writes. We image each drive in its current state before any reconstruction touches the data.
Is It Possible to Brute-Force Synology AES-256 Encryption?
No. If you have lost the passphrase, never exported a recovery key, and the local Key Vault on the system partition is gone or unreadable, the volume is unrecoverable and no lab can change that. AES-256 in XTS mode has a key space of 2 to the 256th power. Enumerating it is not limited by budget or patience; it is infeasible by a margin beyond anything that can be built. The ciphertext on your platters stays intact and unreadable.
This is where we differ from firms that advertise a single headline recovery rate across all NAS cases. Those numbers describe situations where the key material was present, or where the data was never encrypted at the block level at all. They do not describe a method for opening AES-256-XTS without the key, because no such method exists. We will tell you on day one whether your case has a viable key path, rather than bill you to confirm what the math already settled.
Why Do Linux Recovery Tools Find Nothing on an Encrypted Synology?
A standard Linux or Ubuntu box can do more of this than people expect. Pull the drives, and mdadm --assemble --readonly reassembles the SHR array, then vgchange -ay activates the LVM volume group. None of that is proprietary and it works on any workstation. The wall is the next layer. The LVM logical volume is a LUKS container, so what surfaces is a LUKS header followed by high-entropy ciphertext, not a mountable filesystem.
Because the dm-crypt mapper is never opened, every filesystem-level tool sees random data and nothing else. btrfs-find-root, btrfsck, photorec, and commercial carvers like R-Studio cannot tell data from free space when every sector is aes-xts-plain64 ciphertext. There is no Btrfs superblock or tree to locate until decryption succeeds. Those same Btrfs tools are useful, but only after cryptsetup luksOpen against a damaged decrypted tree, which is a different situation from a container that was never opened at all.
Opening the container still demands real key material: the volume passphrase, the exported recovery key (.rkey), or the wrapped key (.wkey) unwrapped by the machine.key. The DIY attempt does not fail because the tools are wrong; it fails because the key layer is missing.
Several irreversible actions destroy that local key even when the platters are physically intact: a factory reset, wiping or replacing the chassis so the machine.key on /dev/synoboot is gone, or corruption of the Key Vault directory on the md0 system partition. When the drives are physically fine but the chassis was reset or scrapped, extracting the key from a raw md0 image is the only path, and only if that key material still exists.
The LUKS2 PBKDF (pbkdf2, sha256, 600000 iterations) makes even a dictionary attack on a forgotten passphrase impractical, which is why a missing key is final rather than a matter of compute. This is the encryption layer of the wider Synology recovery workflow rather than a separate problem.
How Do You Recover a Synology Encrypted Volume?
We image every member through a hardware write-blocker, reassemble the SHR/mdadm and LVM stack from the clones, decrypt the logical volume against the recovered key, and extract Btrfs or ext4 offline. Your original drives are never modified. The steps below describe the work; they are not a do-it-yourself procedure, because a single wrong write to the LUKS header ends the recovery.
- Free evaluation: We document the model, the DSM error state, the SHR or RAID configuration, the filesystem, whether the volume is LUKS or eCryptfs encrypted, and what key material you still have. The key question is decided here.
- Write-blocked imaging: Each member is cloned with PC-3000 or DeepSpar. Marginal drives get conservative retry profiles and head maps so imaging captures the maximum without accelerating wear. The unencrypted md0 system partition is captured too, because the local Key Vault lives there.
- Header preservation: Before anything else, we back up the LUKS header from the imaged logical volume with
cryptsetup luksHeaderBackup, so a later mistake cannot cost the key-slot metadata. - Array reconstruction: We read mdadm superblocks from the clones, determine stripe size, parity rotation, and member order, assemble the array read-only with
mdadm --assemble --readonly, and activate the LVM volume group withvgchange -ay. - Key recovery and decryption: We recover the unwrapped master key from your passphrase, your exported recovery key, or the extracted Key Vault, then open the container with
cryptsetup luksOpenagainst the imaged logical volume. - Filesystem extraction: Once decrypted, we extract Btrfs or ext4. If the Btrfs tree is damaged we work read-only with
btrfs-find-rootandbtrfs restoreagainst historical generation roots rather than running any in-place repair, because copy-on-write means in-place repair destroys the older roots that recovery depends on. - Verification and delivery: Recovered data is copied to a target drive, verified against your priority file list, and shipped back. Working copies are securely purged on request.
The same RAID and filesystem reconstruction logic applies whether the volume is encrypted or not. Encryption adds one decryption step and removes every shortcut around a missing key. The broader array work mirrors any RAID data recovery case we run. Encrypted volumes are one slice of the wider NAS data recovery work we handle for Synology and every other vendor.
What Does Encrypted Volume Recovery Cost?
Encrypted Synology recovery uses the same two line items as any Synology array: a per-member price based on each drive's physical and firmware condition, plus an array reconstruction fee for the SHR/mdadm, LVM, decryption, and filesystem work. Encryption does not add a separate charge. If we recover nothing, you owe nothing under our no-fix-no-fee guarantee.
Per-Member Drive Pricing
Each member drive is priced against the same five-tier schedule used for individual hard drive data recovery. A four-bay unit with one head-swap member and three logical-only members generates one tier-4 line plus three lower-tier lines, not a single opaque bundle.
- Low complexity
Simple Copy
Your drive works, you just need the data moved off it
Functional drive; data transfer to new media
Rush available: +$100
$100
3-5 business days
- Low complexity
File System Recovery
Your drive isn't recognized by your computer, but it's not making unusual sounds
File system corruption. Accessible with professional recovery software but not by the OS
Starting price; final depends on complexity
From $250
2-4 weeks
- Medium complexity
Firmware Repair
Your drive is completely inaccessible. It may be detected but shows the wrong size or won't respond
Firmware corruption: ROM, modules, or translator tables corrupted; requires PC-3000 terminal access
CMR drive: $600. SMR drive: $900.
$600–$900
3-6 weeks
- High complexity
Most Common
Head Swap
Your drive is clicking, beeping, or won't spin. The internal read/write heads have failed
Head stack assembly failure. Transplanting heads from a matching donor drive on a clean bench
50% deposit required. CMR: $1,200-$1,500 + donor. SMR: $1,500 + donor.
50% deposit required
$1,200–$1,500
4-8 weeks
- High complexity
Surface / Platter Damage
Your drive was dropped, has visible damage, or a head crash scraped the platters
Platter scoring or contamination. Requires platter cleaning and head swap
50% deposit required. Donor parts are consumed in the repair. Most difficult recovery type.
50% deposit required
$2,000
4-8 weeks
Hardware Repair vs. Software Locks
Our "no data, no fee" policy applies to hardware recovery. We do not bill for unsuccessful physical repairs. If we replace a hard drive read/write head assembly or repair a liquid-damaged logic board to a bootable state, the hardware repair is complete and standard rates apply. If data remains inaccessible due to user-configured software locks, a forgotten passcode, or a remote wipe command, the physical repair is still billable. We cannot bypass user encryption or activation locks.
No data, no fee. Free evaluation and firm quote before any paid work. Full guarantee details. Head swap and surface damage require a 50% deposit because donor parts are consumed in the attempt.
- Rush fee
- +$100 rush fee to move to the front of the queue
- Donor drives
- Donor drives are matching drives used for parts. Typical donor cost: $50–$150 for common drives, $200–$400 for rare or high-capacity models. We source the cheapest compatible donor available.
- Target drive
- The destination drive we copy recovered data onto. You can supply your own or we provide one at cost plus a small markup. For larger capacities (8TB, 10TB, 16TB and above), target drives cost $400+ extra. All prices are plus applicable tax.
The prices above are for standard hard drives, which covers most jobs. Helium-sealed drives (for example WD or HGST Ultrastar He and Seagate Exos X) must be resealed and refilled with helium in-house after the chamber is opened, so they price higher, in the $200–$5,000+ range. See helium drive pricing.
Array Reconstruction Fee
The array reconstruction fee is $400-$800. It covers SHR/mdadm parameter detection, LVM reconstruction, virtual assembly from cloned images, LUKS decryption against your recovered key, and Btrfs or ext4 extraction. The final figure within that range depends on member count, RAID level, and mixed-capacity SHR complexity. It is confirmed at the free evaluation alongside the per-member line items.
No Data = No Charge. If we cannot recover usable data from your encrypted Synology, you owe nothing under our no-fix-no-fee guarantee. There are no diagnostic fees. A rush fee of $100 moves a case to the front of the imaging queue. Optional return shipping is the only other potential cost on an unsuccessful case.
How Do I Protect a Synology Encrypted Volume in Advance?
Export the LUKS recovery key when you create the encrypted volume and store it somewhere that does not depend on the NAS surviving. A recovery key saved only on the volume it decrypts is not a recovery key, and one saved only on the same NAS is one power-supply failure away from useless. A password manager, a printed copy in a safe, or a hardware token all work.
Encryption also does not change the oldest rule in storage: a redundant array gives you hardware availability, not a backup. Ransomware, an accidental deletion, a controller fault, or a cascading failure across drives from the same manufacturing batch destroys every member at once, encrypted or not. Keep discrete, offline backups, and verify them with a test restore to a different machine before you assume they protect you.
What Are the Most Common Encrypted Synology Recovery Questions?
Do you need my Synology encryption key or password to recover an encrypted volume?
Can data be recovered from a crashed Synology encrypted volume?
What happens if I lose my Synology DSM 7.2 recovery key (.rkey)?
Does Synology Storage Manager Repair delete encrypted data?
What is the difference between a Synology encrypted shared folder and volume encryption?
Is it possible to brute-force Synology AES-256 encryption?
My Synology died but the drives look fine. Does that mean my encrypted data is fine?
Can you sign an NDA for confidential business data on an encrypted Synology?
Data Recovery Standards & Verification
Our Austin lab operates on a transparency-first model. We use industry-standard recovery tools, including PC-3000 and DeepSpar, combined with strict environmental controls to maintain drive integrity. This approach allows us to serve clients nationwide with consistent technical standards.
Open-drive work is performed in a ULPA-filtered laminar-flow bench, validated to 0.02 µm particle count, verified using TSI P-Trak instrumentation.
Transparent History
Serving clients nationwide via mail-in service since 2008. Our lead engineer holds PC-3000 and HEX Akademia certifications for hard drive firmware repair and mechanical recovery.
Media Coverage
Our repair work has been covered by The Wall Street Journal and Business Insider, with CBC News reporting on our pricing transparency. Louis Rossmann has testified in Right to Repair hearings in multiple states and founded the Repair Preservation Group.
Aligned Incentives
Our "No Data, No Charge" policy means we assume the risk of the recovery attempt, not the client.
Technical Oversight
Louis Rossmann
Our engineers review all lab protocols to maintain technical accuracy and honest service. Since 2008, his focus has been on clear technical communication and accurate diagnostics rather than sales-driven explanations.
We believe in proving standards rather than just stating them. We use TSI P-Trak instrumentation to verify that clean-air benchmarks are met before any drive is opened.
See our clean bench validation data and particle test videoRelated services
Related Recovery Services
Volume Crashed, Storage Pool Degraded, SHR reconstruction, and Btrfs/EXT4 recovery for all DiskStation and RackStation models.
Recovery for all NAS brands including QNAP, Buffalo, Western Digital, and Asustor.
Hardware and software RAID array reconstruction for RAID 0, 1, 5, 6, and 10.
Individual HDD recovery From $100. Head swaps, firmware rebuilds, and platter imaging.
Synology asking for a Recovery Key you cannot find?
Free evaluation. No data = no charge. Ship your drives from anywhere in the U.S.