List All Cryptsetup Encrypted Partitions

In order to know which devices are encrypted, we need to list them out crisp and clear. This section guides you on how to list all Cryptsetup encrypted partitions, be in internally setup or external devices.

Listing Devices

To list the devices, you need the command "lsblk".

By Graphical Representations

The very basic command would be:

$ lsblk --fs

This command will list all the devices and partitions, something like the following:

loop30         squashf                                              /snap/shellc
loop31         squashf                                              /snap/shellc
loop32         squashf                                              /snap/atom/2
sda                                                                 
├─sda1         ext2          <-UUID->-UUID-UUID-UUID-<---UUID--->   /boot
└─sda5         crypto_       <-UUID->-UUID-UUID-UUID-<---UUID--->  
  └─sda5_crypt LVM2_me       <-UUID->-UUID-UUID-UUID-<---UUID---> 
    ├─hostname--vg-root
    │          ext4          <-UUID->-UUID-UUID-UUID-<---UUID--->   /
    └─hostname--vg-swap_1
               swap          <-UUID->-UUID-UUID-UUID-<---UUID--->   [SWAP]

You're highly interested with the partition with the label "crypto_LUKS" or "crypto_" (the latter is due to the display spacing cutoff). Those with these labels signifies that partition is encrypted with LUKS.

If there is any decrypted / open LUKS partition, it has a child directory. In this case, you want to look for sda5_crypt partition name. Depending on what is the partition manager inside the encrypted volumes, you'll see all the listed partition insides.

If you just want to list only the encrypted partition, pipe it with grep crypto_LUKS. This will give you the list of encrypted partitions, regardless it is open or otherwise.

$ lsblk --fs | grep crypto_LUKS
└─sda5                             crypto_LUKS       <-UUID->-UUID-UUID-UUID-<---UUID--->

By Command Line Parsing

To scan and read by parsing, simply attach the --list argument. The command is as follows:

$ lsblk --fs --list

This will output:

loop30         squashf                                              /snap/shellc
loop31         squashf                                              /snap/shellc
loop32         squashf                                              /snap/atom/2
sda                                                                 
sda1           ext2          <-UUID->-UUID-UUID-UUID-<---UUID--->   /boot
sda5           crypto_       <-UUID->-UUID-UUID-UUID-<---UUID--->  
sda5_crypt     LVM2_me       <-UUID->-UUID-UUID-UUID-<---UUID---> 
hostname--vg-root
               ext4          <-UUID->-UUID-UUID-UUID-<---UUID--->   /
hostname--vg-swap_1
               swap          <-UUID->-UUID-UUID-UUID-<---UUID--->   [SWAP]

Similarly, you're interested in label "crypto_LUKS" or "crypto_" so you may filter it using grep and uniq. An example command would be:

lsblk -fs --list | grep crypto_LUKS | uniq | grep -o '^\S*'

Which yields:

sda5
sdb2

That's all about listing all encrypted partitions in an operating system.