How to Change LUKS Encryption Passphrase

This is a simple way to change your LUKS Encryption Passphrase:

  1. Get the encryption information of your disk from the /etc/crypttab file.
sudo cat /etc/crypttab

you will get a string like this:

sda2_crypt UUID=14312ef1-5055-45f5-b1fc-0f54669e6d1f none luks,discard>
  1. Dump the header information

for example, my encrypted disk is /dev/sda2

sudo cryptsetup luksDump /dev/sda2

you will get like this:

LUKS header information
Version:        2
Epoch:          4
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           14312ef1-5055-45f5-b1fc-0f54669e6d1f
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
    offset: 16777216 [bytes]
    length: (whole device)
    cipher: aes-xts-plain64
    sector: 512 [bytes]

  0: luks2
    Key:        512 bits
    Priority:   normal
    Cipher:     aes-xts-plain64
    Cipher key: 512 bits
    PBKDF:      argon2i
    Time cost:  7
    Memory:     1048576
    Threads:    4
    Salt:       fc 9d b7 e0 ec 06 d0 b1 47 09 61 6f c1 73 f9 51 
                b7 ff 9b 6b 44 a0 2b c5 dd 5a c4 7e 46 28 c3 62 
    AF stripes: 4000
    AF hash:    sha256
    Area offset:32768 [bytes]
    Area length:258048 [bytes]
    Digest ID:  0
  0: pbkdf2
    Hash:       sha256
    Iterations: 136107
    Salt:       40 82 65 fc cf e1 24 d3 0d b8 85 07 13 c7 dd a1 
                03 52 6a b9 04 b8 6d 23 4a d1 90 89 cb 96 a7 ca 
    Digest:     5b d0 10 56 e4 9a ff e1 eb 14 2a fb 4d 85 ba c3 
                a7 75 fa fa 6c 24 cc 01 b0 9c 34 dd 48 98 1a d9
  1. Get the slot assigned to your LUKS
sudo cryptsetup --verbose open --test-passphrase /dev/sda2

you get something like this:

Enter passphrase for /dev/sda3: 
Key slot 0 unlocked.
Command successful.

so the key slot is slot 0.

  1. Change the passphrase for slot X
sudo cryptsetup luksChangeKey /dev/sda2 -S 0


Enter passphrase to be changed: 
Enter new passphrase: 
Verify passphrase: 

to verify:

sudo cryptsetup --verbose open --test-passphrase /dev/sda2

Wagiman Wiryosukiro

Petani Sistem Informasi, tukang las plugin & themes Wordpress. Co-Founder Saat ini aktif sebagai Developer & kontributor di OpenMandriva Linux.

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: