Ask Your Question
1

Change encryption password on drive. Fedora 20

asked 2014-04-11 02:21:19 -0500

updated 2016-02-02 15:32:07 -0500

florian gravatar image

I have a laptop, with Fedora 20 installed. I need to change the passphrase/password that it asks for at every boot. The encryption is LUKS. Two devices are encrypted, the hard drive itself, and the / (root) partition.

How would I change the password/passphrase on both devices?

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted
2

answered 2014-06-04 13:42:26 -0500

sparks gravatar image

Usually you'd want to add a new key (password) and then remove the old one (you an have multiple passwords to unlock the master key in LUKS). To do this you just:

luksAddKey <device> [<key file with new key>]
luksRemoveKey <device> [<key file with passphrase to be removed>]

You can also do a:

luksChangeKey <device> [<new key file>]

but there is a risk that you could lose all your data if there is an overwrite failure.

Additional information on these commands can be found by typing man cryptsetup and doing a search for luksAddKey.

edit flag offensive delete link more
3

answered 2014-06-06 10:49:36 -0500

Michael Catanzaro gravatar image

Open Disks (gnome-disk-utility), select the encrypted partition, click the little settings button and hit Change Passphrase. Make sure to do a backup beforehand, just in case.

edit flag offensive delete link more

Comments

Thank's didn't see that one, I use KDE and it also has a utility for it. I go to Applications -> Utilities -> Disks and there the disk's are listed. From there I can change the passhrase's.

somethingSomething gravatar imagesomethingSomething ( 2014-06-07 05:25:37 -0500 )edit

I couldn't fine Disks in Applications > Utilities..

sudhirkhanger gravatar imagesudhirkhanger ( 2014-06-08 12:37:22 -0500 )edit
2

answered 2014-04-11 03:18:42 -0500

cobra gravatar image

Are you using EncFS? If you are then the password change command is encfsctl passwd <mount-point>, but the drive should be mounted for this to work.

So I have some questions.

  1. These commands you show manipulate the key, not the password, are you sure you want to rekey the encryption? The new key should have a password assigned to prevent anyone just booting up and using it, if you change the key, the password you need will be the one protecting the new key.

  2. Is this password an encryption key password? It's not just a bootup password imposed by the BIOS is it?

  3. If you have enough disk space, you could copy out the encrypted filesystem contents as a backup, delete the encrypted filesystem, restore it from the backup as unencrypted, then go through the rigmarole of setting up encryption again with new keys. That does seem a bit like overkill for this problem, though.

edit flag offensive delete link more

Comments

I think it's LUKS, I'm pretty sure it's LUKS, it's the encryption that fedora uses for the install process(from the official dvd)

somethingSomething gravatar imagesomethingSomething ( 2014-04-11 12:50:52 -0500 )edit

@cobra 1. I think there comes a new key from one of those commands , This is what it says on fedora docs if I want to add a new passphrase to the device : Add a new passphrase to an existing device. 2. It's an encryption password. I encrypted my whole disk when installing fedora and this is the password it askes me at every boot. 3. Thanks for option three. It's an option. Still I don't think it's possible, as the whole drive or drives are encrypted.

somethingSomething gravatar imagesomethingSomething ( 2014-04-11 13:00:28 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2014-04-11 02:21:19 -0500

Seen: 7,185 times

Last updated: Feb 02 '16