I have been in the habit of encrypting the primary volume on every Fedora install that I’ve done in the past couple of years but have never changed the password until now (outside of rebuilds). I figured it was time to learn how to do this so that I could maintain a consistent password across systems.
The basic procedure is this:
1. Determine which volume is encrypted.
On my system, I installed with the default partition layout, which has a single hard disk with two partitions. The first partition is /dev/sda1 and is the /boot volume which is not encrypted. The second partition is /dev/sda2 and is the partition that is encrypted with dm-crypt.
> fdisk -l /dev/sda Disk /dev/sda: 80.0 GB, 80000000000 bytes 255 heads, 63 sectors/track, 9726 cylinders, total 156250000 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xb99fb99f Device Boot Start End Blocks Id System /dev/sda1 * 2048 1026047 512000 83 Linux /dev/sda2 1026048 156248063 77611008 83 Linux
2. Use cryptsetup to add a passphrase.
cryptsetup luksAddKey /dev/sda2
You will be prompted for a current pass-phrase (any) and then twice for the new pass-phrase. There is a limit of 8 slots that hold pass-phrases but you can delete unused or old pass-phrases.