15
submitted 5 months ago* (last edited 5 months ago) by electro1@infosec.pub to c/linuxquestions@lemmy.zip

I tried the following

sudo cryptsetup luksChangekey /dev/nvme0n1p3 < new passphrase > 

It then asks for the Sudo password, then asks for the old passphrase, but then it prints this error message

Failed to open key file.

what went wrong ?

Edit: turns out using GNOME Disks is way more straightforward.. 😅, thank you all

top 11 comments
sorted by: hot top controversial new old
[-] scsi@lemm.ee 5 points 5 months ago

Refer to the cryptsetup-luksChangeKey man page --key-file options, you cannot change the password directly on a commandline; you either (a) type it interactively, (b) put it in a keyfile, or (c) accept input from STDIN with the standard use of - on the end (e.g. echo "mypass" | cryptsetup luksChangeKey /dev/sda - )

[-] NoamParenti@hexbear.net 4 points 5 months ago

The correct syntax is cryptsetup luksChangeKey <device> <key file>. So what you tried is opening a file that is named like your new passphrase. Such a file of course (hopefully) doesn't exist.

Just omit the last parameter, i.e. sudo cryptsetup luksChangekey /dev/nvme0n1p3 and enter the new password when it asks you to.

[-] hellfire103@lemmy.ca 2 points 5 months ago

Have you tried using GNOME Disk Utility?

[-] electro1@infosec.pub 1 points 5 months ago

I have it installed, but I don't see the option 🤷‍♂️

[-] sloppy_diffuser@sh.itjust.works 2 points 5 months ago

Try clicking on the encrypted partition to get the passphrase option.

https://askubuntu.com/questions/95137/how-to-change-luks-passphrase

[-] hellfire103@lemmy.ca 1 points 5 months ago
[-] electro1@infosec.pub 2 points 5 months ago

OMG, thank youu.. It worked.. 🥳

[-] booooop@hexbear.net 2 points 5 months ago

What is the output if you run sudo cryptsetup --verbose open --test-passphrase /dev/nvme0n1p3?

[-] electro1@infosec.pub 2 points 5 months ago

It asks for the sudo password, then it prints

No usable token is available.

Then it asks : Enter passphrase for /dev/nvme0n1p3:

After entering my old passphrase it prints:

Key slot 0 unlocked
Command Successful.
[-] booooop@hexbear.net 2 points 5 months ago

Alright so no permission issue, what if you run the changekey command in a separate bash subprocess? sudo bash -c '($your-changekey-command-here)'

[-] electro1@infosec.pub 2 points 5 months ago

Is it like the same first "cryptsetup luksChangekey..." But inside parentheses ? Im sure I'm getting the syntax wrong.. It prints

bash: line 1: -luksChangekey: command not found
this post was submitted on 01 Jun 2024
15 points (100.0% liked)

Linux Questions

1060 readers
1 users here now

Linux questions Rules (in addition of the Lemmy.zip rules)

Tips for giving and receiving help

Any rule violations will result in disciplinary actions

founded 1 year ago
MODERATORS