我有一个使用 LUKS 的加密卷,但不确定它是 LUKS1 还是 LUKS2。
这是 lsblk 输出:
[acoder@rhel7 ~]# lsblk --fs
NAME FSTYPE LABEL UUID MOUNTPOINT
sr0
vda
├─vda1 xfs b05d3e82-d170-42d1-b0e1-a0a84e8722d6 /boot
├─vda2 vfat 841D-B7DD /boot/efi
└─vda3 LVM2_member e1lbWc-iwdF-VJ9C-3nsz-NhrE-pGlH-8YgSy3
├─rhel-06 crypto_LUKS d718f899-1a0d-4bb3-b2b7-0a6c12606c78
│ └─luks-d718f899-1a0d-4bb3-b2b7-0a6c12606c78 xfs 2cea9ac7-95f2-48a4-8cf3-37ea9c6e9375 /
├─rhel-00 crypto_LUKS 8f3a9565-3767-4935-8730-fbe21c927a4d
│ └─luks-8f3a9565-3767-4935-8730-fbe21c927a4d swap a914ceb3-5a2e-4d22-b8eb-30069087eee0 [SWAP]
├─rhel-02 crypto_LUKS c7453246-6dd7-4cc7-bd5d-0d3518f0d35d
│ └─luks-c7453246-6dd7-4cc7-bd5d-0d3518f0d35d xfs 3ab1bbac-633d-4548-9a6c-61deae6f0e69 /usr
├─rhel-01 crypto_LUKS 15c73981-a4f2-484c-acfd-f09312143698
│ └─luks-15c73981-a4f2-484c-acfd-f09312143698 xfs 6059b317-ffd3-4ee7-9804-1f9988372464 /home
├─rhel-03 crypto_LUKS 3d401862-3a47-423a-8c9a-4505ca214d0f
│ └─luks-3d401862-3a47-423a-8c9a-4505ca214d0f xfs 35c1c30f-dd91-4bc6-9fe8-324b92cbd126 /var
├─rhel-04 crypto_LUKS 374cb4e2-a4ad-4c9a-9188-e3927166fada
│ └─luks-374cb4e2-a4ad-4c9a-9188-e3927166fada xfs 673979b8-88ed-4803-83ff-dce166f83d8a /var/log
├─rhel-05 crypto_LUKS 5658d96d-1fb5-4e87-898f-31c7c8ba8de5
│ └─luks-5658d96d-1fb5-4e87-898f-31c7c8ba8de5 xfs 8ca6df73-c3af-44cc-9ba8-d370e47a0d5a /var/log/audit
├─rhel-07 crypto_LUKS 4a7392cf-ede2-433e-b889-cf1d3cab16b5
│ └─luks-4a7392cf-ede2-433e-b889-cf1d3cab16b5 xfs a0a11191-f488-43e9-90cb-802287d01569 /data/www
└─rhel-08 crypto_LUKS 4cbfb84b-8747-45d4-99dc-a1d1f0100188
└─luks-4cbfb84b-8747-45d4-99dc-a1d1f0100188 xfs 15b5db1f-e6ad-4057-a0d9-780a08adb16c /data/db
我尝试发出cryptsetup luksDump dev,但没有看到任何输出:
[acoder@rhel7 ~]# cryptsetup luksDump /dev/vda
[acoder@rhel7 ~]# cryptsetup luksDump /dev/vda1
[acoder@rhel7 ~]# cryptsetup luksDump /dev/vda2
[acoder@rhel7 ~]# cryptsetup luksDump /dev/vda3
[acoder@rhel7 ~]#
红帽说RHEL8默认使用LUKS2,但是相同的页面RHEL7不指定类型。
编辑1
这是输出
cryptsetup luksDump /dev/mapper/rhel-00
# cryptsetup luksDump /dev/mapper/rhel-00
LUKS header information for /dev/mapper/rhel-00
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha1
Payload offset: 4096
MK bits: 512
MK digest: b9 48 e2 bb 4e ae 70 9b c9 b5 b1 5e e6 9f ad fe 5c 58 15 b8
MK salt: 40 27 f3 f9 f2 be 21 a1 25 a6 1a 21 0b 12 5a f2
ed cd c9 02 6e 36 d7 8e b1 90 96 86 c2 68 2c a6
MK iterations: 64000
UUID: 8f3a9565-3767-4935-8730-fbe21c927a4d
Key Slot 0: ENABLED
Iterations: 128255
Salt: e2 e6 e1 a7 06 49 2b af e6 00 4f 6a e1 60 24 f1
a2 2b 41 9f 4f 4b 65 a0 a4 10 1a 6c 72 97 56 50
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
如果我在 RHEL 8 系统上运行相同的命令,我仍然显示“版本 1”,因此我不确定这是一个可靠的标记(根据 RHEL 文档,RedHat 8 默认情况下使用 LUKS2)。
最终,我正在努力永久解密该系统上的卷。在尝试解密之前,我需要确定我使用的 LUKS 版本是什么。
是否有其他方法可以确定该系统正在使用哪个 LUKS 版本?