unixfuntime

Random tips, tricks, and musings from your local technophile

LUKS passphrases: Changing, adding, removing

Recently we went over how to manually encrypt volumes in Linux. Today let’s talk a little bit about how to change, add, or remove passphrases. We’ll start by changing our current passphrase by first dropping down to init 3 and unmounting the encrypted volume before making the change. During this exercise we will need to be root, and I will be using the same encrypted volume that was built in the previous post.

init 3
umount /home
cryptsetup luksClose home
cryptsetup luksChangeKey /dev/vg00/lv02
< verify and change your passphrase here>
cryptsetup luksOpen /dev/vg00/lv02 home
mount /home

LUKS allows for up to 8 passwords to exist for a given partition, so let’s add one and then close and re-open it to verify that it worked.

cryptsetup luksAddKey /dev/vg00/lv02
< enter any current phrase - and add new phrase >
umount /home
cryptsetup luksClose home
cryptsetup luksOpen /dev/vg00/lv02 home
< enter our new passphrase >
mount /home

Now lets say you don’t want that passphrase anymore and you want to remove it.

*NOTE* If you delete the last working passphrase there is no way to recover your data. If you try this you are warned before committing to it.

umount /home
cryptsetup lulsClose home
cryptsetup luksRemoveKey /dev/vg00/lv02
< enter the passphrase you want to remove >
cryptsetup luksOpen /dev/vg00/lv02 home
< enter the the one you removed, to verify that it is gone >
mount /home
Advertisements

2 responses to “LUKS passphrases: Changing, adding, removing

  1. proxy sites August 26, 2012 at 1:32 am

    Do you mind if I quote a couple of your articles as long
    as I provide credit and sources back to your blog?

    My blog is in the exact same niche as yours and
    my visitors would genuinely benefit from some of the information you provide here.
    Please let me know if this alright with you. Thanks!

  2. rojortiz32 August 27, 2012 at 1:01 pm

    By all means, go right ahead. Thanks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: