LUKS Encryption keys location after setup

tsilvs · September 16, 2024, 11:16am

Where are the keys stored for LUKS partitions generated in Blivet after setup?

I have 3 LUKS-encrypted partitions, but I only need to enter decryption password once. I am curious where Anaconda & Blivet have saved the other two passwords. I may need to know that in case I forget those, can’t access my password storage & need to examine those partitions from another OS. I also want to save my second drive LUKS password somewhere system-wide so it will be unlocked on boot for all users.

Where I have looked already:

/etc/crypttab doesn’t mention any key files
/etc/lusk-keys/ doesn’t exist
/etc/cryptsetup-keys.d/ doesn’t exits
I can’t see anything LUKS-related in tpm

There are systemd-cryptsetup related logs in journalctl -b for multiple LUKS devices.

Where does systemd-cryptsetup store LUKS keys?

jayarmstrong · September 22, 2024, 5:13pm

are you sure they’re stored on disk? How does Fedora handle this? I’m curious as well.

I believe some versions of grub (older, perhaps) would simply try the same first key you typed against any subsequent LUKS devices.

tsilvs · September 22, 2024, 5:42pm

This is what I suspect now as well. Participants of other forums told me that.

Topic		Replies	Views
Installing Bluefin with LUKS – Best Practices General	0	157	November 12, 2024
Encryption during install; is it available for `just` the home directory? General	2	319	March 21, 2024
Upstream the LUKS password localization to Fedora? Bazzite	2	137	December 23, 2023
How to auto-mount Bitlocker NTFS encrypted drive at boot? Bazzite	1	71	January 2, 2025
Unlock luks via Unl0kr on Steam Deck? Bazzite	1	450	January 21, 2024

LUKS Encryption keys location after setup

Related topics