How do I change my FDE passphrase?

I just setup a full disk encryption passphrase to test the function because I was running into a system error when I used a longer passsphrase . So now I need help with changing it and I don’t want to make any mistakes or run into any errors for the obvious reason.

1 Like

You can use sudo cryptsetup luksChangeKey <device> to change the passphrase. If you want to be 100 % safe you can use sudo cryptsetup luksAddKey <device> to add a new passphrase and after you check that everything works you can remove the old passphrase with sudo cryptsetup luksRemoveKey <device> (it will ask for passphrase and remove keyslot associated with the passphrase you provide; be careful with this command if you remove the last keyslot you currently have, it will make your disk inaccessible).

You can use lsblk -f to identify the correct device, look for device (partition) with fstype crypto_LUKS, example:

nvme0n1
├─nvme0n1p1                                   vfat        FAT32 
├─nvme0n1p2                                   ext4        1.0  
└─nvme0n1p3                                   crypto_LUKS 2 

So here you would use sudo cryptsetup luksChangeKey /dev/nvme0n1p3.

4 Likes

I have used the command lsblk -f to id the correct device so I could start the second step sudo cryptsetup luksAddKey <device> but no devices are shown.

It shows nothing at all or just doesn’t show a LUKS device?

It’s working fine now , and I am presented with this: (I used * to replace the alphanumeric strings )

sda
├─sda1
│ ext4 1.0 ************************ 593.1M 32% /boot
└─sda2
crypto 2 ********************************
└─luks-********************************
btrfs fedora_localhost-live
***********************************160.4G 3% /home
/
zram0
[SWAP]

7 Ways to Determine the File System Type in Linux (Ext2, Ext3 or Ext4)

I am still unsure whci is the correct device. Can you help me ?

The formatting of the output makes it harder to read here, but your LUKS partition is /dev/sda2. You can double check with sudo cryptsetup luksDump /dev/sda2, it will show some LUKS header information for LUKS devices and an error message for other.

1 Like