Hello Nick, Nick Boyce <n...@glimmer.adsl24.co.uk> wrote: > > You can check with > > # cryptsetup luksDump <device> > > Hmm .. well thanks for that command (I'm a novice) ... which confirms what > you > say - my single encrypted raw disk partition (containing the LVM mapped > system > volumes) does indeed have a LUKS header, with 8 keyslots; slot 0 is marked > "ENABLED", while the other 7 are "DISABLED". > > I think I'll proceed by doing a 'luksHeaderBackup', and then trying a pass- > phrase change. The subject will be 350Gb of data which has taken two months > to set up, so I'll be holding my breath :-/
If you do luksAddKey, you’ll have to enter one of the old
passphrases. After that, you can try unlocking the volume with the
new passphrase. If that succeeds, you can use luksKillSlot to remove
the first slot. For that, you’ll have to enter one of the remaining
passphrases (i. e. the one you just added).
I did this several times without problems, although I would suggest
unmounting the filesystem and closing the device.
Best regards,
Claudius
--
The life which is unexamined is not worth living.
-- Plato
http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature
