Change Encrypted Volume Password – Fedora / Linux

I have been in the habit of encrypting the primary volume on every Fedora install that I’ve done in the past couple of years but have never changed the password until now (outside of rebuilds). I figured it was time to learn how to do this so that I could maintain a consistent password across systems.

The basic procedure is this:

1. Determine which volume is encrypted.

On my system, I installed with the default partition layout, which has a single hard disk with two partitions. The first partition is /dev/sda1 and is the /boot volume which is not encrypted. The second partition is /dev/sda2 and is the partition that is encrypted with dm-crypt.

> fdisk -l /dev/sda

Disk /dev/sda: 80.0 GB, 80000000000 bytes
255 heads, 63 sectors/track, 9726 cylinders, total 156250000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xb99fb99f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   156248063    77611008   83  Linux

2. Use cryptsetup to add a passphrase.

cryptsetup luksAddKey /dev/sda2

You will be prompted for a current pass-phrase (any) and then twice for the new pass-phrase. There is a limit of 8 slots that hold pass-phrases but you can delete unused or old pass-phrases.

Leave a Reply

Your email address will not be published. Required fields are marked *