Random tips, tricks, and musings from your local technophile
LUKS passphrases: Changing, adding, removing
August 20, 2012Posted by on
Recently we went over how to manually encrypt volumes in Linux. Today let’s talk a little bit about how to change, add, or remove passphrases. We’ll start by changing our current passphrase by first dropping down to init 3 and unmounting the encrypted volume before making the change. During this exercise we will need to be root, and I will be using the same encrypted volume that was built in the previous post.
init 3 umount /home cryptsetup luksClose home cryptsetup luksChangeKey /dev/vg00/lv02 < verify and change your passphrase here> cryptsetup luksOpen /dev/vg00/lv02 home mount /home
LUKS allows for up to 8 passwords to exist for a given partition, so let’s add one and then close and re-open it to verify that it worked.
cryptsetup luksAddKey /dev/vg00/lv02 < enter any current phrase - and add new phrase > umount /home cryptsetup luksClose home cryptsetup luksOpen /dev/vg00/lv02 home < enter our new passphrase > mount /home
Now lets say you don’t want that passphrase anymore and you want to remove it.
*NOTE* If you delete the last working passphrase there is no way to recover your data. If you try this you are warned before committing to it.
umount /home cryptsetup lulsClose home cryptsetup luksRemoveKey /dev/vg00/lv02 < enter the passphrase you want to remove > cryptsetup luksOpen /dev/vg00/lv02 home < enter the the one you removed, to verify that it is gone > mount /home