Page MenuHomePureOS Tracker

Change Disk Encryption Password
Updated 665 Days AgoPublic

Main PagePureOSTips & TricksChange Disk Encryption Password

How to change the password of an encrypted LVM system


IMPORTANT: You might want to backup your data to an external hard disk before doing this, as a precaution.

Method 1: Using the terminal

LUKS allows for an encrypted partition/system to have multiple passwords and also to remove them. So to change the password we first add the new password and then remove the old one.

  • Get the name of the encrypted volume

Open the terminal application Tilix and type the command:
lsblk

It will show you the name of the partition, ignore /boot and /swap

cdp1

NOTE: In this case the encrypted volume is called sda2, but on your machine it can have a different name. Make sure you adjusted these commands to with the name of your device!

Add a new password

  • In Tilix run the command:

sudo cryptsetup luksAddKey /dev/device_name

  • It will ask you for your user password, type it and press enter.

cdp1

  • Next you will be asked for the old disk encryption password, type it and press enter.

cdp1

  • Type the new password you want for the encrypted disk, and press enter

cdp1

  • Confirm the new password and press enter

cdp1

The new password is now added

cdp1

Removing the old password

From Tilix run the command:
sudo cryptsetup luksRemoveKey /dev/device_name

cdp1

  • Type the password that you want to delete and press enter

cdp1


Method 2: Using GNOME DISKS

IMPORTANT: Because of the bug: https://tracker.pureos.net/T541, please DO NOT USE THIS METHOD for now! You will lose access to your encrypted disk.

Start up GNOME Disks and click the encrypted volume you wish to change the password for, click the gear icon and select Change Passphrase...:

cdp1

Enter your current and new password, and that's it:

cdp2

Last Author
joao.azevedo
Last Edited
Jun 20 2019, 08:24

Event Timeline

mladen created this document.Sep 15 2017, 13:47
mladen edited the content of this document. (Show Details)
mladen edited the content of this document. (Show Details)Oct 29 2017, 14:08
mladen edited the content of this document. (Show Details)Nov 1 2017, 09:41
mladen changed the edit policy from "All Users" to "Restricted Project (Project)".May 10 2018, 07:52
mladen edited the content of this document. (Show Details)Aug 10 2018, 12:23
mladen edited the content of this document. (Show Details)
jeremiah.foster edited the content of this document. (Show Details)Jan 28 2019, 11:00
joao.azevedo edited the content of this document. (Show Details)Jun 20 2019, 08:24
Wildfire added a subscriber: Wildfire.EditedDec 29 2020, 10:39

luks cryptsetup- trying to change encrypt pw
I see the warning, about using GNOME Disks to change the pw. I went to the link https://tracker.pureos.net/T541, and checked for updates to the string. Seems that mladen posted an update back in June 2020 that this issue was resolved. "Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928893 indicates that this has been fixed."
We are now headed in Jan 2021, can anyone confirm this to be true? I would prefer not to be the "ginny pig".
I tried the terminal route first and ran into some issues and did not work out as described above. My drives are set up differently, I have two drives in this machine and not listed as sda's.
Before I dove down that rabbit hole, I figured I would revisit using GNOME Disks, as it would be far easier, if its safe.
I don't have a virtual machine set up yet to test it out on.
Feedback please.
12-30-20 update- used the GNOME Disks and reset the passphrase with no issues.

PS - Does anyone know what the little reset hole on the bottom of my Lib15 actually does? Does it restore the laptop to factory default and wipe everything? This is a fresh machine, no data to lose yet, so that is not much of an issue to go back to (Off Shelf Factory Default) and start the set up process over. I don't however get locked out of my drive by screwing up the pw reset,