I'm aware of being able to use the cryptsetup isLuks command to find out whether a partition is a LUKS container. I want to be able to use this command with the mountpoint of the LUKS container for the case that I cannot be sure that I know the partition's device name, how can I do this in one command?
For example, I have a Luks container at /dev/sda2, I open it with
$ cryptsetup luksOpen /dev/sda2 vaultThen I mount the container with
$ mount /dev/mapper/vault /mountpointAt this point I would like to know whether /mountpoint is a Luks container
$ cryptsetup isLuks -v /dev/sda2
Command successful.
$ cryptsetup isLuks -v /mountpoint
Command failed with code 15: Block device required
$ cryptsetup isLuks -v /dev/mapper/vault
Command failed with code 22: Device /dev/mapper/vault is not a valid LUKS device.Normally I'd use lsblk to get the block device of a mountpoint, but this returns the /dev/mapper/vault path.
└─sda2 8:8 0 9.3G 0 part └─vault 252:0 0 9.3G 0 crypt /mountpointIf I could resolve /dev/mapper/vault to /dev/sda2 somehow, I would be able to use command substitution inside the cryptsetup isLuks command.
It would be great to find something more elegant than using awk or something to parse the output of mount, but if that's the only way then it works I suppose.
3 Answers
This should work. It's a little long, but making a bash function would simplify it:
cryptsetup isLuks -v `df /mountpoint | tail -n1 | awk '{print $1;}'`I had the same problem to. Solved like this.
lsblk -sJp | jq -r --arg dsk "/dev/mapper/disk_name" '.blockdevices | .[] | select(.name == $dsk) | .children | .[0] | .name'Return e.g. /dev/sda2
someone mentioned using lsblk
This is a relatively easy way but only if you do
alias lsblk2='lsblk -o type,name,label,partlabel,size,fstype,model,serial,wwn,uuid'Then the output from lsblk will have much extra useful information, and the FSTYPE will show crypto_LUKS and then show the resulting partitions underneath. And you'll also have the disk model and serial number to reference which I find useful making heads and tails of things.
man lsblk and add any options after the -o that you may find make it more useful for yourself.
I think this way... getting a simple visible tree list of all disks that linux currently sees... is the most straight forward way with least typing to know which disks/partitions are luks encrypted, will show up as crypto_LUKS at least that's what I see using RHEL 7.9.
