Hello Nick, Nick Boyce <n...@glimmer.adsl24.co.uk> wrote: > > You can check with > > # cryptsetup luksDump <device> > > Hmm .. well thanks for that command (I'm a novice) ... which confirms what > you > say - my single encrypted raw disk partition (containing the LVM mapped > system > volumes) does indeed have a LUKS header, with 8 keyslots; slot 0 is marked > "ENABLED", while the other 7 are "DISABLED". > > I think I'll proceed by doing a 'luksHeaderBackup', and then trying a pass- > phrase change. The subject will be 350Gb of data which has taken two months > to set up, so I'll be holding my breath :-/
If you do luksAddKey, you’ll have to enter one of the old passphrases. After that, you can try unlocking the volume with the new passphrase. If that succeeds, you can use luksKillSlot to remove the first slot. For that, you’ll have to enter one of the remaining passphrases (i. e. the one you just added). I did this several times without problems, although I would suggest unmounting the filesystem and closing the device. Best regards, Claudius -- The life which is unexamined is not worth living. -- Plato http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature