25

What command can be used to determine the used encryption on a LUKS partition (all the relevant information, initialization vector, generation scheme, mode of operation and block cipher primitive)?

intika
user

2 Answers

29

If the decrypted volume is /dev/mapper/crypto then you can get the information with

```
dmsetup table crypto
0 104853504 crypt aes-cbc-essiv:sha256 000[...]000 0 254:2 4096
```

If the encrypted volume is /dev/storage2/crypto then you get the information with

```
cryptsetup luksDump /dev/storage2/crypto
LUKS header information for /dev/storage2/crypto

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha256
[...]
```
Hauke Laging
  • 1
    Why two different tools for the same task: dmsetup is a [lower level tool](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt#configuration-with-dmsetup-tool) than cryptsetup. – akhan Dec 05 '18 at 19:49
  • 8
    @akhan That's just what I am used to. But `cryptsetup status crypto` can be used, too. – Hauke Laging Dec 07 '18 at 21:28
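
Added example (not part of either answer): a small POSIX shell parser that splits the `dmsetup table` line shown above into the fields the question asks about: block cipher, mode of operation, IV generator and its option. It assumes the classic dm-crypt spec format `cipher[:keycount]-chainmode-ivmode[:ivopts]` and does not handle the `capi:` form; the function names are illustrative.

```shell
#!/bin/sh
# Table line copied from the answer above (key field already masked).
SAMPLE='0 104853504 crypt aes-cbc-essiv:sha256 000[...]000 0 254:2 4096'

# Split cipher[:keycount]-chainmode-ivmode[:ivopts] into name=value lines.
parse_cipher_spec() {
    spec=$1
    case $spec in
        capi:*) echo "error=capi format not handled"; return 1 ;;
        *-*-*)  ;;
        *)      echo "error=unrecognised cipher spec"; return 1 ;;
    esac
    cipher=${spec%%-*}           # block cipher primitive, e.g. aes
    rest=${spec#*-}
    mode=${rest%%-*}             # mode of operation, e.g. cbc or xts
    iv=${rest#*-}                # IV generator plus optional ":opts"
    case $iv in
        *:*) ivgen=${iv%%:*}; ivopts=${iv#*:} ;;
        *)   ivgen=$iv; ivopts= ;;
    esac
    keycount=1
    case $cipher in
        *:*) keycount=${cipher#*:}; cipher=${cipher%%:*} ;;
    esac
    printf 'cipher=%s\nkeycount=%s\nmode=%s\nivgen=%s\nivopts=%s\n' \
        "$cipher" "$keycount" "$mode" "$ivgen" "$ivopts"
}

# Parse one crypt target line:
#   <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset> [opts]
# The key field is read but never printed.
parse_crypt_table() {
    read -r start length target spec key iv_offset device offset opts <<EOF
$1
EOF
    if [ "$target" != crypt ]; then
        echo "error=not a crypt target"
        return 1
    fi
    printf 'sectors=%s\ndevice=%s\niv_offset=%s\noffset=%s\n' \
        "$length" "$device" "$iv_offset" "$offset"
    parse_cipher_spec "$spec"
}

parse_crypt_table "$SAMPLE"
```

For a LUKS1 header the same split is already visible in `luksDump`: "Cipher name" is the first field and "Cipher mode" is the rest of the spec.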
16

List the disks:

```
lsblk --fs
```

Then (used encryption):

```
cryptsetup luksDump /dev/sdb1
```

Or (used encryption):

```
cryptsetup status crypt_sdb1
```

In addition (kernel supported encryption and bench):

```
cat /proc/crypto
ls /lib/modules/$(uname -r)/kernel/crypto/

#cryptsetup benchmark --cipher aes-xts --key-size 256
cryptsetup benchmark
```
intika
  • 1
    As far as I understand, when using `cryptsetup status `, the ``s that give info can be identified by the type `crypt` when using `lsblk` (without options). – goulashsoup Apr 08 '22 at 10:51
  • @goulashsoup thank you! that little piece of information has been sorely missing from everything I've just spent the last half hour reading through... – Inigo Sep 26 '22 at 20:48