unixfuntime
Random tips, tricks, and musings from your local technophile
LUKS passphrases: Changing, adding, removing
Posted by on August 20, 2012
Recently we went over how to manually encrypt volumes in Linux. Today let’s talk a little bit about how to change, add, or remove passphrases. We’ll start by changing our current passphrase by first dropping down to init 3 and unmounting the encrypted volume before making the change. During this exercise we will need to be root, and I will be using the same encrypted volume that was built in the previous post.
init 3 umount /home cryptsetup luksClose home cryptsetup luksChangeKey /dev/vg00/lv02 < verify and change your passphrase here> cryptsetup luksOpen /dev/vg00/lv02 home mount /home
LUKS allows for up to 8 passwords to exist for a given partition, so let’s add one and then close and re-open it to verify that it worked.
cryptsetup luksAddKey /dev/vg00/lv02 < enter any current phrase - and add new phrase > umount /home cryptsetup luksClose home cryptsetup luksOpen /dev/vg00/lv02 home < enter our new passphrase > mount /home
Now lets say you don’t want that passphrase anymore and you want to remove it.
*NOTE* If you delete the last working passphrase there is no way to recover your data. If you try this you are warned before committing to it.
umount /home cryptsetup lulsClose home cryptsetup luksRemoveKey /dev/vg00/lv02 < enter the passphrase you want to remove > cryptsetup luksOpen /dev/vg00/lv02 home < enter the the one you removed, to verify that it is gone > mount /home
unixfuntime 
Do you mind if I quote a couple of your articles as long
as I provide credit and sources back to your blog?
My blog is in the exact same niche as yours and
my visitors would genuinely benefit from some of the information you provide here.
Please let me know if this alright with you. Thanks!
By all means, go right ahead. Thanks.