Changing luks password with cryptsetup

2014-10-31 at 15:13:23 | categories: tips, linux

I use dm-crypt for encrypting my partitions - both on local machine and on backup drive as well. From time to time it makes sense to change password, and... the question is how to do it.

First of all figure out in which slot luks stores password for your drive:

cryptsetup luksDump /dev/xxx

You will get something like this:

Key Slot 0: DISABLED
Key Slot 1: ENABLED
    Iterations:             477611
    Salt:                   66 5d f0 cf 4b 7b d2 d7 62 6a 2f 0e d2 23 11 33 
                            fe 35 2e 14 32 46 e0 8f cb f9 f0 16 2c 5b 03 72 
    Key material offset:    264
    AF stripes:             4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

In this case it is slot 1.

Then just: cryptsetup luksChangeKey /dev/xxx -S <slot>

And you will be prompted for the current key and for the new one.

It can be done while disk is mounted.

Good luck.