I just set up a full disk encryption passphrase to test the function because I was running into a system error when I used a longer passphrase. So now I need help with changing it and I don’t want to make any mistakes or run into any errors for the obvious reason.
You can use sudo cryptsetup luksChangeKey <device> to change the passphrase. If you want to be 100% safe you can use sudo cryptsetup luksAddKey <device> to add a new passphrase and after you check that everything works you can remove the old passphrase with sudo cryptsetup luksRemoveKey <device> (it will ask for a passphrase and remove the keyslot associated with the passphrase you provide; be careful with this command: if you remove the last keyslot you currently have, it will make your disk inaccessible).
You can use lsblk -f to identify the correct device; look for a device (partition) with fstype crypto_LUKS, for example:
nvme0n1
├─nvme0n1p1 vfat FAT32
├─nvme0n1p2 ext4 1.0
└─nvme0n1p3 crypto_LUKS 2
So here you would use sudo cryptsetup luksChangeKey /dev/nvme0n1p3.
I have used the command lsblk -f to id the correct device so I could start the second step sudo cryptsetup luksAddKey <device> but no devices are shown.
It shows nothing at all or just doesn’t show a LUKS device?
It’s working fine now, and I am presented with this (I used * to replace the alphanumeric strings):
sda
├─sda1
│ ext4 1.0 ************************ 593.1M 32% /boot
└─sda2
crypto 2 ********************************
└─luks-********************************
btrfs fedora_localhost-live
***********************************160.4G 3% /home
/
zram0
[SWAP]
I am still unsure which is the correct device. Can you help me?
The formatting of the output makes it harder to read here, but your LUKS partition is /dev/sda2. You can double check with sudo cryptsetup luksDump /dev/sda2; it will show some LUKS header information for LUKS devices and an error message for others.
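The device lookup and the "don't remove your last keyslot" warning from the replies above, as an added shell example that is not part of the original thread. The function names are hypothetical, the sample text is constructed, and the keyslot counter assumes the LUKS2 layout of cryptsetup luksDump output.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample data is constructed.

# Print partitions whose filesystem type is crypto_LUKS.
# Feed it the output of: lsblk -rpno NAME,FSTYPE
find_luks_devices() {
    awk '$2 == "crypto_LUKS" { print $1 }'
}

# Count keyslots in a LUKS2 header dump (assumed LUKS2 layout).
# Feed it the output of: sudo cryptsetup luksDump <device>
# Only numbered entries inside the "Keyslots:" section are counted, so the
# "0: crypt" and "0: pbkdf2" entries of other sections are ignored.
count_keyslots() {
    awk '
        /^Keyslots:/                  { in_slots = 1; next }
        /^[^ \t]/                     { in_slots = 0 }
        in_slots && /^[ \t]+[0-9]+: / { n++ }
        END                           { print n + 0 }
    '
}

# Succeed only if removing one passphrase still leaves a usable keyslot.
safe_to_remove() {
    [ "$(count_keyslots)" -ge 2 ]
}

# Constructed sample: raw lsblk listing matching the thread's layout.
SAMPLE_LSBLK='/dev/sda
/dev/sda1 ext4
/dev/sda2 crypto_LUKS
/dev/mapper/luks-example btrfs'

# Constructed sample: abridged luksDump after luksAddKey (two keyslots).
SAMPLE_DUMP='LUKS header information
Version:        2
Keyslots area:  16744448 [bytes]
Data segments:
  0: crypt
Keyslots:
  0: luks2
    Key:        512 bits
  1: luks2
    Key:        512 bits
Tokens:
Digests:
  0: pbkdf2'

printf '%s\n' "$SAMPLE_LSBLK" | find_luks_devices
printf '%s\n' "$SAMPLE_DUMP" | safe_to_remove && echo "two keyslots present: removing the old passphrase is safe"
```

On a real system, pipe the live command output into the functions instead of the samples, and run luksRemoveKey only after the new passphrase has unlocked the disk at boot.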