From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id juAFjIP-mYnP for ; Thu, 20 Dec 2012 12:16:20 +0100 (CET) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 20 Dec 2012 12:16:20 +0100 (CET) Received: from mailout-eu.gmx.com ([10.1.101.2]) by mrigmx.server.lan (mrigmx002) with ESMTP (Nemesis) id 0ME0gb-1Tt1qd2CTP-00HMN8 for ; Thu, 20 Dec 2012 12:16:20 +0100 Message-ID: <50D2F37C.1000000@gmx.com> Date: Thu, 20 Dec 2012 13:16:12 +0200 From: Yaron Sheffer MIME-Version: 1.0 References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] UUID question List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi Sven, a quick correction: blkid is (surprisingly) not smart enough, and your command line results in duplicates. Both the /dev (e.g. /dev/sdg) and the equivalent /dev/disk/by-uuid are listed. So you want to use: blkid -t TYPE="crypto_LUKS" -s UUID /dev/disk/by-uuid/* (tested on Ubuntu 10.04 Lucid). Thanks, Yaron On 12/20/2012 01:00 PM, dm-crypt-request@saout.de wrote: > Date: Thu, 20 Dec 2012 00:30:23 +0100 > From: "Sven Eschenberg" > To: dm-crypt@saout.de > Subject: Re: [dm-crypt] UUID question > Message-ID: > <18e39b1120b315e7553bdb330e5103c5.squirrel@ssl.verfeiert.org> > Content-Type: text/plain;charset=utf-8 > > cryptsetup luksUUID will return the luks header's UUID if > holds a luks header, and yes, this should usually not change the same way > as the UUID of a filesystem souldn't. > > There's 2 problems though: > > 1.) You'd have to know in advance or iterate over all possible (non > locked) blockdevices (which is what blkid usually does anyway for you) > > 2.) a blockdev could possibly hold a luks header and still be part of a md > device (depending on metadata version), you'd better hope that the md > device is set up already, when you issue your cryptsetup commands. > > Concerning the original question: > > The UUID within the LUKS header should not change throughout the LUKS > volume's lifetime, except for enforced changes (as noted before). > > To associated keys based on luks UUID, using something like: > 'blkid -t TYPE="crypto_LUKS" -s UUID' > is probably a good starting point, as it gives you the UUID to retrieve > the keys based on the UUID and the device inode you'd use on further calls > to cryptsetup etc. - The rest is just a little shell magic ;-) > > Regards > > -Sven > >