[dm-crypt] How to recognize a LUKS container

[dm-crypt] How to recognize a LUKS container

[H McCurdy]

[-- Attachment #1: Type: text/plain, Size: 367 bytes --]

Hi,
I've read the FAQ (but can't guarantee I didn't miss something).  In the warnings sections about the Ubuntu installer I read "... (it is very easy to recognize a LUKS container)..."
I don't actually need to know, but I'd like to know how this is done.  I didn't find the answer in the FAQ, didn't find it using Google and didn't find it on Stack Overflow.


[-- Attachment #2: Type: text/html, Size: 862 bytes --]

Re: [dm-crypt] How to recognize a LUKS container

[Ralf Ramsauer]

[-- Attachment #1: Type: text/plain, Size: 1354 bytes --]

Hello,

there are few options how to detect a LUKS container:

- use 'cryptsetup luksDump' on your device. It will fail, if it's not a
LUKS container.
- If you have a dump, you can also use the 'file' command

Or the sophisticated one :-)
- Look at the first few bytes of your partition/dump and check, if it
contains the magic header "LUKS"
  'sudo head -c 128 /dev/yourdevice | hexdump -C'
It should look like

    00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00 
    |LUKS....aes.....|
    00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 
    |................|
    00000020  00 00 00 00 00 00 00 00  78 74 73 2d 70 6c 61 69 
    |........xts-plai|
    00000030  6e 36 34 00 00 00 00 00  00 00 00 00 00 00 00 00 
    |n64.............|
    ...


Cheers
  Ralf

On 09/22/2015 08:52 PM, H McCurdy wrote:
> Hi,
>
> I've read the FAQ (but can't guarantee I didn't miss something).  In
> the warnings sections about the Ubuntu installer I read "... (it is
> very easy to recognize a LUKS container)..."
>
> I don't actually need to know, but I'd like to know how this is done. 
> I didn't find the answer in the FAQ, didn't find it using Google and
> didn't find it on Stack Overflow.
>
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


[-- Attachment #2: Type: text/html, Size: 2970 bytes --]

Re: [dm-crypt] How to recognize a LUKS container

[Arno Wagner]

Hi,

it is very easy:

- cryptsetup isLuks <container> returns true
- the container starts with the LUKS magic number, i.e.
  'L','U','K','S', 0xBA, 0xBE.



On Tue, Sep 22, 2015 at 20:52:16 CEST, H McCurdy wrote:
> Hi,
>
> I've read the FAQ (but can't guarantee I didn't miss something).  In the
> warnings sections about the Ubuntu installer I read "...  (it is very easy
> to recognize a LUKS container)..."

Always good to know it gets read!

> I don't actually need to know, but I'd like to know how this is done.  I
> didn't find the answer in the FAQ, didn't find it using Google and didn't
> find it on Stack Overflow.

It is really very easy, both using cryptsetup and manyally:

- "cryptsetup isLuks <container>" returns true
  use option -v for additional text output.

- The container starts with the LUKS magic number, i.e.
  'L','U','K','S', 0xBA, 0xBE.

The reference for the second one would be the Luks Specification,
available here:

https://gitlab.com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk-format.pdf

(It is referenced in the FAQ at the end).

Regards,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

Re: [dm-crypt] How to recognize a LUKS container

[Ralf Ramsauer]

[-- Attachment #1: Type: text/plain, Size: 1690 bytes --]

Damn, eventually I forgot to mention

cryptsetup isLuks yourDevice

  Ralf

On 09/22/2015 10:03 PM, Ralf Ramsauer wrote:
> Hello,
>
> there are few options how to detect a LUKS container:
>
> - use 'cryptsetup luksDump' on your device. It will fail, if it's not
> a LUKS container.
> - If you have a dump, you can also use the 'file' command
>
> Or the sophisticated one :-)
> - Look at the first few bytes of your partition/dump and check, if it
> contains the magic header "LUKS"
>   'sudo head -c 128 /dev/yourdevice | hexdump -C'
> It should look like
>
>     00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00 
>     |LUKS....aes.....|
>     00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 
>     |................|
>     00000020  00 00 00 00 00 00 00 00  78 74 73 2d 70 6c 61 69 
>     |........xts-plai|
>     00000030  6e 36 34 00 00 00 00 00  00 00 00 00 00 00 00 00 
>     |n64.............|
>     ...
>
>
> Cheers
>   Ralf
>
> On 09/22/2015 08:52 PM, H McCurdy wrote:
>> Hi,
>>
>> I've read the FAQ (but can't guarantee I didn't miss something).  In
>> the warnings sections about the Ubuntu installer I read "... (it is
>> very easy to recognize a LUKS container)..."
>>
>> I don't actually need to know, but I'd like to know how this is
>> done.  I didn't find the answer in the FAQ, didn't find it using
>> Google and didn't find it on Stack Overflow.
>>
>>
>>
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


[-- Attachment #2: Type: text/html, Size: 3995 bytes --]

Re: [dm-crypt] How to recognize a LUKS container

[Michael Kjörling]

On 22 Sep 2015 22:03 +0200, from ralf+dm@ramses-pyramidenbau.de (Ralf Ramsauer):
> - If you have a dump, you can also use the 'file' command
> 
> Or the sophisticated one :-)
> - Look at the first few bytes of your partition/dump and check, if it
> contains the magic header "LUKS"

Or you can use 'file' directly, if you pass '-s' (--special-files) to it:

$ sudo file -s /dev/sdXY
/dev/sdXY: sticky LUKS encrypted file, ver 1 [aes, xts-plain64, sha512] UUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
$ 

But I expect that 'cryptsetup isLuks' would be the best bet, as well
as lending itself better to automation (assuming of course that is the
end goal).

-- 
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

Re: [dm-crypt] How to recognize a LUKS container

[H McCurdy]

[-- Attachment #1: Type: text/plain, Size: 1731 bytes --]

Thanks everyone.  Since the issue was Ubuntu installer software not figuring it out, I was wondering about a way to solve the problem so that a program could figure it out (without human help).
I might have figured it out but can't test my idea until tomorrow.  My thought is to try to access it as if it exists and if the function returns -1, then it's not a valid LUKS container.  Anyway, that's my idea.
I might need to examine errno to make sure the error isn't something like EPERM.


 


     On Tuesday, September 22, 2015 4:20 PM, Michael Kjörling <michael@kjorling.se> wrote:
   

 On 22 Sep 2015 22:03 +0200, from ralf+dm@ramses-pyramidenbau.de (Ralf Ramsauer):
> - If you have a dump, you can also use the 'file' command
> 
> Or the sophisticated one :-)
> - Look at the first few bytes of your partition/dump and check, if it
> contains the magic header "LUKS"

Or you can use 'file' directly, if you pass '-s' (--special-files) to it:

$ sudo file -s /dev/sdXY
/dev/sdXY: sticky LUKS encrypted file, ver 1 [aes, xts-plain64, sha512] UUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
$ 

But I expect that 'cryptsetup isLuks' would be the best bet, as well
as lending itself better to automation (assuming of course that is the
end goal).

-- 
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                “People who think they know everything really annoy
                those of us who know we don’t.” (Bjarne Stroustrup)
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt


  

[-- Attachment #2: Type: text/html, Size: 3755 bytes --]

Re: [dm-crypt] How to recognize a LUKS container

[Michael Kjörling]

On 23 Sep 2015 02:29 +0000, from hmccurdy@yahoo.com (H McCurdy):
> I might have figured it out but can't test my idea until tomorrow. 
> My thought is to try to access it as if it exists and if the
> function returns -1, then it's not a valid LUKS container.  Anyway,
> that's my idea.

For the scenario you describe, something like

# test -r $DEVICE && cryptsetup isLuks $DEVICE && echo It is LUKS

is probably the best bet.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

Re: [dm-crypt] How to recognize a LUKS container

[Milan Broz]

On 09/23/2015 09:50 AM, Michael Kjörling wrote:
> On 23 Sep 2015 02:29 +0000, from hmccurdy@yahoo.com (H McCurdy):
>> I might have figured it out but can't test my idea until tomorrow. 
>> My thought is to try to access it as if it exists and if the
>> function returns -1, then it's not a valid LUKS container.  Anyway,
>> that's my idea.
> 
> For the scenario you describe, something like
> 
> # test -r $DEVICE && cryptsetup isLuks $DEVICE && echo It is LUKS

In generoic scripts I would better suggest to use blkid
(or libblkid if you need link to a library).

See blkid man page for all formatting etc. parameters.

Milan