cryptsetup-luksErase - Linux
Overview
cryptsetup-luksErase is a specialized utility that securely erases the LUKS (Linux Unified Key Setup) header and all encrypted data associated with a LUKS-encrypted block device. It is useful for securely decommissioning or repurposing LUKS-encrypted devices.
Syntax
cryptsetup-luksErase <device> [options]
Options/Flags
| Option | Description |
|---|---|
| -d | Dry-run mode. Verifies the device’s LUKS header without erasing it. |
| -v | Verbose mode. Provides detailed progress information. |
| -q | Quiet mode. Suppresses all output except errors. |
| -c | Prompt for confirmation before erasing the device. |
| -t | Timeout for LUKS header unlock in seconds. Default: 60. |
Examples
Erasing a LUKS-encrypted device:
cryptsetup-luksErase /dev/sda3
Verifying the device’s LUKS header without erasing it:
cryptsetup-luksErase -d /dev/sda3
Erasing the device with verbose progress information:
cryptsetup-luksErase -v /dev/sda3
Common Issues
- Device not found: Ensure the specified device path is correct and that the device is connected and accessible.
- Permission denied: The user running the command must have write permissions to the device.
- Incorrect passphrase: Verify that the provided passphrase is the correct one for unlocking the LUKS header.
Integration
cryptsetup-luksErase can be integrated with other commands to create automated tasks, such as:
- Securely wiping a device before reusing it:
dd if=/dev/zero of=/dev/sda bs=10M; cryptsetup-luksErase /dev/sda
- Creating a new LUKS header after erasing:
cryptsetup-luksErase /dev/sda; cryptsetup luksFormat /dev/sda
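A post-erase check for automated tasks like these, added here as an example and not taken from the cryptsetup project: it counts active keyslots in `cryptsetup luksDump` output, on the assumption that a successful erase leaves none. The function names and the abridged sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Count active keyslots in `cryptsetup luksDump` text read from stdin.
# Assumed layouts: LUKS1 prints "Key Slot N: ENABLED"; LUKS2 lists each
# slot as an indented "N: <type>" entry under a "Keyslots:" section.
count_active_keyslots() {
    awk '
        /^Key Slot [0-9]+: ENABLED/   { n++; next }        # LUKS1 slot
        /^Keyslots:/                  { in_ks = 1; next }  # LUKS2 section start
        /^[^ \t]/                     { in_ks = 0 }        # any other top-level line
        in_ks && /^[ \t]+[0-9]+: [a-z]/ { n++ }            # LUKS2 slot entry
        END { print n + 0 }
    '
}

# Return 0 only if DEVICE has a readable LUKS header and no active keyslot.
verify_keyslots_erased() {
    dev=$1
    dump=$(cryptsetup luksDump "$dev") || {
        echo "$dev: cannot read LUKS header" >&2
        return 2
    }
    active=$(printf '%s\n' "$dump" | count_active_keyslots)
    [ "$active" -eq 0 ] && return 0
    echo "$dev: $active keyslot(s) still active" >&2
    return 1
}

# Constructed, abridged sample dumps (not captured from a real device).
sample_luks2_dump() {
    printf 'LUKS header information\nVersion:       \t2\n'
    printf 'Keyslots area: \t16744448 [bytes]\n\n'
    printf 'Data segments:\n  0: crypt\n\toffset: 16777216 [bytes]\n\n'
    printf 'Keyslots:\n  0: luks2\n\tKey:        512 bits\n'
    printf '  1: luks2\n\tKey:        512 bits\n'
    printf 'Tokens:\nDigests:\n  0: pbkdf2\n\tKeyslots:   0\n'
}
sample_luks2_erased() {
    printf 'LUKS header information\nVersion:       \t2\n\n'
    printf 'Data segments:\n  0: crypt\n\nKeyslots:\nTokens:\n'
    printf 'Digests:\n  0: pbkdf2\n'
}
sample_luks1_dump() {
    printf 'LUKS header information for /dev/sdX\n\nVersion:       \t1\n\n'
    printf 'Key Slot 0: ENABLED\n\tIterations:         \t100000\n'
    printf 'Key Slot 1: DISABLED\nKey Slot 2: DISABLED\n'
}
```

Run `verify_keyslots_erased /dev/sda3` as root after the erase step; a non-zero status means the device should not yet be treated as decommissioned.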
Related Commands
- cryptsetup: Primary tool for managing LUKS-encrypted devices.
- luksdump: Utility for dumping the LUKS header information.