Saturday, March 6, 2021

How to change the full disk encryption (LUKS) password on Ubuntu

Goal:

This article shows how to change the full disk encryption (LUKS) password on Ubuntu.

Env:

Ubuntu 18.04

Solution:

When the OS starts, you may be prompted for a password other than the user password, e.g.
please unlock disk sda5_crypt
This is your full disk encryption (LUKS) password.
The prompt implies that it has something to do with the "sda5" LVM partition.
After logging on, you can use the method below to change the password as the root user or using sudo.

1. Find out which LVM partition is encrypted

# cat /etc/crypttab
sda5_crypt UUID=12345678-1234-1234-1234-123456789012 none luks,discard

2. View currently used slots of the encrypted partition

# cryptsetup luksDump /dev/sda5 |grep ENABLED
Key Slot 0: ENABLED

3. Double-check which LVM partition it is by looking up the UUID from step #1.

# ls -l /dev/disk/by-uuid/12345678-1234-1234-1234-123456789012
lrwxrwxrwx 1 root root 10 Mar 6 22:02 /dev/disk/by-uuid/12345678-1234-1234-1234-123456789012 -> ../../sda5

4. Change the password

# cryptsetup luksChangeKey /dev/sda5
Enter passphrase to be changed:
Enter new passphrase:
Verify passphrase:

5. View currently used slots of the encrypted partition

# cryptsetup luksDump /dev/sda5 |grep ENABLED
Key Slot 1: ENABLED
After the password change, the enabled slot has moved from Slot 0 to Slot 1.

6. Optional commands

# To add a new password
cryptsetup luksAddKey /dev/sda5

# To remove an existing password
cryptsetup luksRemoveKey /dev/sda5
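
The slot check from steps 2 and 5 as a small script, added here as an example and not part of the original post. `grep ENABLED` matches LUKS1 headers only, so this version also reads the LUKS2 "Keyslots:" section; the function names and the trimmed sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list enabled LUKS key slots.
# Reads `cryptsetup luksDump` output on stdin, prints slot numbers space-separated.
enabled_slots() {
    awk '
        /^Key Slot [0-9]+: ENABLED/ { sub(":", "", $3); print $3; next }  # LUKS1
        /^Keyslots:/                { in_ks = 1; next }                   # LUKS2 section
        /^[^ \t]/                   { in_ks = 0 }                         # next top-level section
        in_ks && /^  [0-9]+: luks2/ { sub(":", "", $1); print $1 }
    ' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# True when two slot lists (from steps 2 and 5) hold the same number of slots,
# i.e. the passphrase was replaced and no additional passphrase was left enabled.
same_slot_count() {
    [ "$(printf '%s\n' "$1" | wc -w)" -eq "$(printf '%s\n' "$2" | wc -w)" ]
}

# Constructed sample dumps (trimmed), not captured from a real device.
LUKS1_AFTER='LUKS header information for /dev/sda5
Version:        1
Key Slot 0: DISABLED
Key Slot 1: ENABLED
    Iterations:     1000000
Key Slot 2: DISABLED'

LUKS2_SAMPLE='LUKS header information
Version:        2
Data segments:
  0: crypt
    cipher: aes-xts-plain64
Keyslots:
  0: luks2
    Key:        512 bits
  1: luks2
    Key:        512 bits
Tokens:
Digests:
  0: pbkdf2'

# Real use (as root): before=$(cryptsetup luksDump /dev/sda5 | enabled_slots)
printf 'LUKS1 sample: %s\n' "$(printf '%s\n' "$LUKS1_AFTER" | enabled_slots)"
printf 'LUKS2 sample: %s\n' "$(printf '%s\n' "$LUKS2_SAMPLE" | enabled_slots)"
```

If the slot count grows between step 2 and step 5, a passphrase was added rather than changed, and the old one still unlocks the disk until it is removed.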

