* [dm-crypt] How to recognize a LUKS container @ 2015-09-22 18:52 H McCurdy 2015-09-22 20:03 ` Ralf Ramsauer 2015-09-22 20:13 ` Arno Wagner 0 siblings, 2 replies; 8+ messages in thread From: H McCurdy @ 2015-09-22 18:52 UTC (permalink / raw) To: dm-crypt@saout.de [-- Attachment #1: Type: text/plain, Size: 367 bytes --] Hi, I've read the FAQ (but can't guarantee I didn't miss something). In the warnings sections about the Ubuntu installer I read "... (it is very easy to recognize a LUKS container)..." I don't actually need to know, but I'd like to know how this is done. I didn't find the answer in the FAQ, didn't find it using Google and didn't find it on Stack Overflow. [-- Attachment #2: Type: text/html, Size: 862 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] How to recognize a LUKS container 2015-09-22 18:52 [dm-crypt] How to recognize a LUKS container H McCurdy @ 2015-09-22 20:03 ` Ralf Ramsauer 2015-09-22 20:14 ` Ralf Ramsauer 2015-09-22 20:19 ` Michael Kjörling 2015-09-22 20:13 ` Arno Wagner 1 sibling, 2 replies; 8+ messages in thread From: Ralf Ramsauer @ 2015-09-22 20:03 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1354 bytes --] Hello, there are few options how to detect a LUKS container: - use 'cryptsetup luksDump' on your device. It will fail, if it's not a LUKS container. - If you have a dump, you can also use the 'file' command Or the sophisticated one :-) - Look at the first few bytes of your partition/dump and check, if it contains the magic header "LUKS" 'sudo head -c 128 /dev/yourdevice | hexdump -C' It should look like 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000020 00 00 00 00 00 00 00 00 78 74 73 2d 70 6c 61 69 |........xts-plai| 00000030 6e 36 34 00 00 00 00 00 00 00 00 00 00 00 00 00 |n64.............| ... Cheers Ralf On 09/22/2015 08:52 PM, H McCurdy wrote: > Hi, > > I've read the FAQ (but can't guarantee I didn't miss something). In > the warnings sections about the Ubuntu installer I read "... (it is > very easy to recognize a LUKS container)..." > > I don't actually need to know, but I'd like to know how this is done. > I didn't find the answer in the FAQ, didn't find it using Google and > didn't find it on Stack Overflow. > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt [-- Attachment #2: Type: text/html, Size: 2970 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] How to recognize a LUKS container 2015-09-22 20:03 ` Ralf Ramsauer @ 2015-09-22 20:14 ` Ralf Ramsauer 2015-09-22 20:19 ` Michael Kjörling 1 sibling, 0 replies; 8+ messages in thread From: Ralf Ramsauer @ 2015-09-22 20:14 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1690 bytes --] Damn, eventually I forgot to mention cryptsetup isLuks yourDevice Ralf On 09/22/2015 10:03 PM, Ralf Ramsauer wrote: > Hello, > > there are few options how to detect a LUKS container: > > - use 'cryptsetup luksDump' on your device. It will fail, if it's not > a LUKS container. > - If you have a dump, you can also use the 'file' command > > Or the sophisticated one :-) > - Look at the first few bytes of your partition/dump and check, if it > contains the magic header "LUKS" > 'sudo head -c 128 /dev/yourdevice | hexdump -C' > It should look like > > 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 > |LUKS....aes.....| > 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > |................| > 00000020 00 00 00 00 00 00 00 00 78 74 73 2d 70 6c 61 69 > |........xts-plai| > 00000030 6e 36 34 00 00 00 00 00 00 00 00 00 00 00 00 00 > |n64.............| > ... > > > Cheers > Ralf > > On 09/22/2015 08:52 PM, H McCurdy wrote: >> Hi, >> >> I've read the FAQ (but can't guarantee I didn't miss something). In >> the warnings sections about the Ubuntu installer I read "... (it is >> very easy to recognize a LUKS container)..." >> >> I don't actually need to know, but I'd like to know how this is >> done. I didn't find the answer in the FAQ, didn't find it using >> Google and didn't find it on Stack Overflow. >> >> >> >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt [-- Attachment #2: Type: text/html, Size: 3995 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] How to recognize a LUKS container 2015-09-22 20:03 ` Ralf Ramsauer 2015-09-22 20:14 ` Ralf Ramsauer @ 2015-09-22 20:19 ` Michael Kjörling 2015-09-23 2:29 ` H McCurdy 1 sibling, 1 reply; 8+ messages in thread From: Michael Kjörling @ 2015-09-22 20:19 UTC (permalink / raw) To: dm-crypt On 22 Sep 2015 22:03 +0200, from ralf+dm@ramses-pyramidenbau.de (Ralf Ramsauer): > - If you have a dump, you can also use the 'file' command > > Or the sophisticated one :-) > - Look at the first few bytes of your partition/dump and check, if it > contains the magic header "LUKS" Or you can use 'file' directly, if you pass '-s' (--special-files) to it: $ sudo file -s /dev/sdXY /dev/sdXY: sticky LUKS encrypted file, ver 1 [aes, xts-plain64, sha512] UUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx $ But I expect that 'cryptsetup isLuks' would be the best bet, as well as lending itself better to automation (assuming of course that is the end goal). -- Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] How to recognize a LUKS container 2015-09-22 20:19 ` Michael Kjörling @ 2015-09-23 2:29 ` H McCurdy 2015-09-23 7:50 ` Michael Kjörling 0 siblings, 1 reply; 8+ messages in thread From: H McCurdy @ 2015-09-23 2:29 UTC (permalink / raw) To: Michael Kjörling, dm-crypt@saout.de [-- Attachment #1: Type: text/plain, Size: 1731 bytes --] Thanks everyone. Since the issue was Ubuntu installer software not figuring it out, I was wondering about a way to solve the problem so that a program could figure it out (without human help). I might have figured it out but can't test my idea until tomorrow. My thought is to try to access it as if it exists and if the function returns -1, then it's not a valid LUKS container. Anyway, that's my idea. I might need to examine errno to make sure the error isn't something like EPERM. On Tuesday, September 22, 2015 4:20 PM, Michael Kjörling <michael@kjorling.se> wrote: On 22 Sep 2015 22:03 +0200, from ralf+dm@ramses-pyramidenbau.de (Ralf Ramsauer): > - If you have a dump, you can also use the 'file' command > > Or the sophisticated one :-) > - Look at the first few bytes of your partition/dump and check, if it > contains the magic header "LUKS" Or you can use 'file' directly, if you pass '-s' (--special-files) to it: $ sudo file -s /dev/sdXY /dev/sdXY: sticky LUKS encrypted file, ver 1 [aes, xts-plain64, sha512] UUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx $ But I expect that 'cryptsetup isLuks' would be the best bet, as well as lending itself better to automation (assuming of course that is the end goal). -- Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ dm-crypt mailing list dm-crypt@saout.de http://www.saout.de/mailman/listinfo/dm-crypt [-- Attachment #2: Type: text/html, Size: 3755 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] How to recognize a LUKS container 2015-09-23 2:29 ` H McCurdy @ 2015-09-23 7:50 ` Michael Kjörling 2015-09-23 8:39 ` Milan Broz 0 siblings, 1 reply; 8+ messages in thread From: Michael Kjörling @ 2015-09-23 7:50 UTC (permalink / raw) To: dm-crypt On 23 Sep 2015 02:29 +0000, from hmccurdy@yahoo.com (H McCurdy): > I might have figured it out but can't test my idea until tomorrow. > My thought is to try to access it as if it exists and if the > function returns -1, then it's not a valid LUKS container. Anyway, > that's my idea. For the scenario you describe, something like # test -r $DEVICE && cryptsetup isLuks $DEVICE && echo It is LUKS is probably the best bet. -- Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] How to recognize a LUKS container 2015-09-23 7:50 ` Michael Kjörling @ 2015-09-23 8:39 ` Milan Broz 0 siblings, 0 replies; 8+ messages in thread From: Milan Broz @ 2015-09-23 8:39 UTC (permalink / raw) To: Michael Kjörling, dm-crypt On 09/23/2015 09:50 AM, Michael Kjörling wrote: > On 23 Sep 2015 02:29 +0000, from hmccurdy@yahoo.com (H McCurdy): >> I might have figured it out but can't test my idea until tomorrow. >> My thought is to try to access it as if it exists and if the >> function returns -1, then it's not a valid LUKS container. Anyway, >> that's my idea. > > For the scenario you describe, something like > > # test -r $DEVICE && cryptsetup isLuks $DEVICE && echo It is LUKS In generoic scripts I would better suggest to use blkid (or libblkid if you need link to a library). See blkid man page for all formatting etc. parameters. Milan ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] How to recognize a LUKS container 2015-09-22 18:52 [dm-crypt] How to recognize a LUKS container H McCurdy 2015-09-22 20:03 ` Ralf Ramsauer @ 2015-09-22 20:13 ` Arno Wagner 1 sibling, 0 replies; 8+ messages in thread From: Arno Wagner @ 2015-09-22 20:13 UTC (permalink / raw) To: dm-crypt Hi, it is very easy: - cryptsetup isLuks <container> returns true - the container starts with the LUKS magic number, i.e. 'L','U','K','S', 0xBA, 0xBE. On Tue, Sep 22, 2015 at 20:52:16 CEST, H McCurdy wrote: > Hi, > > I've read the FAQ (but can't guarantee I didn't miss something). In the > warnings sections about the Ubuntu installer I read "... (it is very easy > to recognize a LUKS container)..." Always good to know it gets read! > I don't actually need to know, but I'd like to know how this is done. I > didn't find the answer in the FAQ, didn't find it using Google and didn't > find it on Stack Overflow. It is really very easy, both using cryptsetup and manyally: - "cryptsetup isLuks <container>" returns true use option -v for additional text output. - The container starts with the LUKS magic number, i.e. 'L','U','K','S', 0xBA, 0xBE. The reference for the second one would be the Luks Specification, available here: https://gitlab.com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk-format.pdf (It is referenced in the FAQ at the end). Regards, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-09-23 8:39 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-09-22 18:52 [dm-crypt] How to recognize a LUKS container H McCurdy 2015-09-22 20:03 ` Ralf Ramsauer 2015-09-22 20:14 ` Ralf Ramsauer 2015-09-22 20:19 ` Michael Kjörling 2015-09-23 2:29 ` H McCurdy 2015-09-23 7:50 ` Michael Kjörling 2015-09-23 8:39 ` Milan Broz 2015-09-22 20:13 ` Arno Wagner
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.