Archive for September, 2011

Encrypted Volume Management

Wednesday, September 21st, 2011

A few weeks ago, I posted about how to add a pass-phrase to a LUKS encrypted volume. After filling the 8 available slots, that would no longer be an option and you would need to remove some old pass-phrases or update existing slots to add new pass-phrases.

To list the slots, use the luksDump command:

cryptsetup luksDump /dev/sda2

This will print out each slot and whether or not it’s used so that you can remove some old ones.

You can use the luksChangeKey option to update or over-write an existing slot.

cryptsetup luksChangeKey /dev/sda2

After running this command, the actual operation performed was to remove key slot 4 (in my case) and add an entry to slot 0 for the new key. Verified with luksDump again.