I have a LUKS-encrypted Linux partition called /dev/vda2, protected by a passphrase, running on the AWS EC2 cloud. Over time, other developers set and use other slots. I think they have 8 slots. How can I find which LUKS slot a passphrase is in on Linux?
If the device is called /dev/vda2, we run:
sudo cryptsetup luksDump /dev/DEVICE
sudo cryptsetup luksDump /dev/vda2
This should list all key slots in use.
How to find and verify which luks slot a passphrase is in on Linux
It is a little bit tricky, but we can do it as follows:
sudo cryptsetup --verbose open --test-passphrase /dev/DEVICE
sudo cryptsetup --verbose open --test-passphrase /dev/vda3
The command will ask for the passphrase:
Enter passphrase for /dev/vda3:
Key slot 0 unlocked.
Command successful.
It will tell you the correct slot, without any guesswork on your part.
Finding which LUKS slot a passphrase/password is in on a Linux server or laptop
However, the above command might not work on an older system or LUKS version. In that case, we can test one specific slot:
# Use Bash && (AND list operator)
SLOT=2
DEV=/dev/sda1
sudo cryptsetup luksOpen --test-passphrase --key-slot "$SLOT" "$DEV" && echo "Correct key found in $SLOT for $DEV"
#
# Add || (OR list operator)
#
sudo cryptsetup open --test-passphrase \
  -S "$SLOT" "$DEV" \
  && echo "Correct key found in $SLOT for $DEV" \
  || echo "Key NOT found in $SLOT for $DEV"
So I get confirmation from CentOS 7 Linux server:
Enter passphrase for /dev/sda1:
Correct key found in 2 for /dev/sda1
I tested all commands on CentOS/RHEL, Debian and Ubuntu Linux.
--test-passphrase: Do not activate device, just check
--key-slot N: Slot number for new key (0 - 7 only)
-S N: Same as
Try it out.
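The fallback for older systems checks one slot per run, so the slot still has to be guessed. As an added example (not part of the original article), the script below asks for the passphrase once and tests it against slots 0 to 7 in turn. The CRYPTSETUP variable and the function names are hypothetical, and it assumes cryptsetup reads the passphrase from standard input when stdin is not a terminal.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# CRYPTSETUP is a hypothetical override so the loop can be exercised with a stub.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}

# find_luks_slot DEVICE PASSPHRASE [MAX_SLOT]
# Prints the first slot number the passphrase unlocks; returns 1 if none does.
find_luks_slot() {
    local dev="$1" pass="$2" max="${3:-7}" slot=0
    while [ "$slot" -le "$max" ]; do
        # printf is a shell builtin, so the passphrase is never placed in a
        # process argument list where other local users could read it.
        if printf '%s' "$pass" |
            "$CRYPTSETUP" open --test-passphrase --key-slot "$slot" "$dev" \
                >/dev/null 2>&1
        then
            printf '%s\n' "$slot"
            return 0
        fi
        slot=$((slot + 1))
    done
    return 1
}

main() {
    local dev="$1" pass slot
    # -s keeps the passphrase off the terminal and out of shell history.
    read -r -s -p "Enter passphrase for $dev: " pass
    echo
    if slot=$(find_luks_slot "$dev" "$pass"); then
        echo "Correct key found in $slot for $dev"
    else
        echo "Key NOT found in slots 0-7 for $dev"
        return 1
    fi
}

# Run only when a device argument is given, e.g. ./find-slot.sh /dev/sda1
if [ "$#" -ge 1 ]; then main "$@"; fi
```

Run the script as root (for example under sudo), since cryptsetup needs read access to the block device.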