5

Is there a way to tell, given a path to a LUKS block device, and not knowing the passphrase, whether the device is already open (decrypted)?

What about knowing the path to the decrypted device?

loopbackbee
  • 4,442
  • 3
  • 24
  • 30
  • 1
    This does not answer the respective question, but If you only know the device mapper name (which you would supply to `cryptsetup luksClose` for example) the return value of `dmsetup status ` indicates if it is open. – stefanct Aug 03 '20 at 19:06

2 Answers2

3

The following code checks whether the device DEV_LUKS is an encrypted LUKS device and already opend (decrypted).

DEV_LUKS=/dev/sda

cryptsetup isLuks $DEV_LUKS && echo "$DEV_LUKS is a LUKS Device" || echo "$DEV_LUKS is not a LUKS Device"
test -b /dev/disk/by-id/dm-uuid-*$(cryptsetup luksUUID $DEV_LUKS | tr -d -)* && echo "$DEV_LUKS is opened" || echo "$DEV_LUKS is not opened"
Tim
  • 41
  • 2
2

Another simple option which may show what you need:

dmsetup ls | grep crypt | cut -f1 -d_

On my system this returns:

sda5

This returns device names which include crypt which may be the case in your system.

Yurij Goncharuk
  • 4,177
  • 2
  • 19
  • 36
Charles Nelson
  • 21
  • 1