How can I tell if a encrypted (LUKS) device is already open?

encryption luks block-device device-mapper

6,241

Solution 1

The following code checks whether the device DEV_LUKS is an encrypted LUKS device and already opend (decrypted).

DEV_LUKS=/dev/sda

cryptsetup isLuks $DEV_LUKS && echo "$DEV_LUKS is a LUKS Device" || echo "$DEV_LUKS is not a LUKS Device"
test -b /dev/disk/by-id/dm-uuid-*$(cryptsetup luksUUID $DEV_LUKS | tr -d -)* && echo "$DEV_LUKS is opened" || echo "$DEV_LUKS is not opened"

Solution 2

Another simple option which may show what you need:

dmsetup ls | grep crypt | cut -f1 -d_

On my system this returns:

sda5

This returns device names which include crypt which may be the case in your system.

6,241

Author by

loopbackbee

Updated on September 18, 2022

Comments

loopbackbee almost 2 years

Is there a way to tell, given a path to a LUKS block device, and not knowing the passphrase, whether the device is already open (decrypted)?

What about knowing the path to the decrypted device?
- stefanct almost 4 years
  
  This does not answer the respective question, but If you only know the device mapper name (which you would supply to cryptsetup luksClose for example) the return value of dmsetup status <device> indicates if it is open.