A few weeks ago, I posted about how to add a pass-phrase to a LUKS encrypted volume. After filling the 8 available slots, that would no longer be an option and you would need to remove some old pass-phrases or update existing slots to add new pass-phrases.
To list the slots, use the luksDump command:
cryptsetup luksDump /dev/sda2
This will print out each slot and whether or not it’s used so that you can remove some old ones.
You can use the luksChangeKey option to update or over-write an existing slot.
cryptsetup luksChangeKey /dev/sda2
After running this command, the actual operation performed was to remove key slot 4 (in my case) and add an entry to slot 0 for the new key. Verified with luksDump again.
Leave a Reply