cryptsetup-luksDump - Linux


Overview

cryptsetup-luksDump is a powerful Linux command used to dump the LUKS (Linux Unified Key Setup) metadata and key material from an encrypted device. It extracts the LUKS header, including encryption parameters, passphrase hashes, and key slots, providing valuable information for forensic analysis and recovery operations.

Syntax

cryptsetup luksDump [options] <device>

Options/Flags

  • -h, --help: Display usage information
  • -v, --verbose: Enable verbose output
  • -f, --force: Force the dump even if the device is locked
  • -o, --output=: Dump metadata to a file instead of stdout
  • --header-only: Dump only the LUKS header
  • --keyslot-num=: Specify the keyslot to dump (default: all)
  • --pw-plain: Print passphrase in plaintext (sensitive)

Examples

Extract LUKS metadata from an encrypted device:

cryptsetup luksDump /dev/sda3

Dump passphrase hash for a specific keyslot:

cryptsetup luksDump --keyslot-num 2 /dev/sda3

Save LUKS header to a file:

cryptsetup luksDump -o header.bin /dev/sda3

Common Issues

  • "Device is locked" error: Ensure the device is unlocked using cryptsetup open before dumping.
  • "Invalid or unsupported LUKS device" error: Check if the device is formatted with the LUKS partition scheme and is supported by cryptsetup.
  • Missing or corrupted passphrase: If the passphrase is incorrect or the keyslot is damaged, dumping may fail. Try using the --pw-plain option to verify the passphrase.

Integration

cryptsetup-luksDump can be combined with other tools for advanced analysis:

  • grep: Filter metadata for specific values or patterns (e.g., cryptsetup luksDump /dev/sda3 | grep cipher)
  • xxd: Display raw binary data of the LUKS header (e.g., cryptsetup luksDump /dev/sda3 | xxd)
  • luks-header-parser: Parse and decode the extracted LUKS header (e.g., luks-header-parser header.bin)
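
Going one step beyond the grep filter above, the following added example (not part of the original page or of cryptsetup itself) parses the text that cryptsetup luksDump prints and lists each keyslot's PBKDF, flagging slots that do not use memory-hard Argon2. The function names are hypothetical, and the sample dump is constructed and assumes the LUKS2 text layout; on a real system, pipe cryptsetup luksDump <device> into the functions instead.

```shell
#!/bin/sh
# Added example: audit keyslot PBKDFs from `cryptsetup luksDump` text on stdin.

# Constructed sample, modelled on the LUKS2 text layout (not from a real device).
# Real output indents with tabs; the parser accepts tabs or spaces.
sample_dump() {
cat <<'EOF'
LUKS header information
Version:        2
UUID:           00000000-0000-0000-0000-000000000000

Data segments:
  0: crypt
    cipher: aes-xts-plain64

Keyslots:
  0: luks2
    Cipher:     aes-xts-plain64
    PBKDF:      argon2id
  1: luks2
    Cipher:     aes-xts-plain64
    PBKDF:      pbkdf2
Tokens:
Digests:
  0: pbkdf2
    Hash:       sha256
EOF
}

# Print "<slot> <pbkdf>" for entries inside the "Keyslots:" section only,
# so the pbkdf2 entry under "Digests:" is not mistaken for a keyslot.
keyslot_pbkdfs() {
  awk '
    /^[A-Za-z]/         { in_slots = ($0 ~ /^Keyslots:/); next }  # section header
    !in_slots           { next }
    /^[ \t]+[0-9]+: /   { slot = $1; sub(/:$/, "", slot); next }  # "  1: luks2"
    $1 == "PBKDF:"      { print slot, $2 }
  '
}

# Print the slot numbers whose PBKDF is not Argon2; exit status 1 if any exist.
weak_keyslots() {
  out=$(keyslot_pbkdfs | awk '$2 !~ /^argon2/ { print $1 }')
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

sample_dump | keyslot_pbkdfs
```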

Related Commands

  • cryptsetup: Main utility for managing encrypted devices
  • cryptsetup-luksOpen: Open an encrypted LUKS device
  • cryptsetup-luksFormat: Format a device with LUKS encryption