Linux Questions

1068 readers

22 users here now

Linux questions Rules (in addition of the Lemmy.zip rules)

stay on topic
be nice (no name calling)
do not post long blocks of text such as logs
do not delete your posts
only post questions (no information posts)

Tips for giving and receiving help

be as clear and specific
say thank you if a solution works
verify your solutions before posting them as facts.

Any rule violations will result in disciplinary actions

founded 1 year ago

MODERATORS

possiblylinux127@lemmy.zip

[ Solved ] I can't change Disk Encryption password (infosec.pub)

submitted 5 months ago* (last edited 5 months ago) by electro1@infosec.pub to c/linuxquestions@lemmy.zip

11 comments fedilink hide all child comments

I tried the following

sudo cryptsetup luksChangekey /dev/nvme0n1p3 < new passphrase >

It then asks for the Sudo password, then asks for the old passphrase, but then it prints this error message

Failed to open key file.

what went wrong ?

Edit: turns out using GNOME Disks is way more straightforward.. 😅, thank you all

top 11 comments

sorted by: hot top controversial new old

[–] scsi@lemm.ee 5 points 5 months ago

Refer to the cryptsetup-luksChangeKey man page --key-file options, you cannot change the password directly on a commandline; you either (a) type it interactively, (b) put it in a keyfile, or (c) accept input from STDIN with the standard use of - on the end (e.g. echo "mypass" | cryptsetup luksChangeKey /dev/sda - )

[–] NoamParenti@hexbear.net 4 points 5 months ago

The correct syntax is cryptsetup luksChangeKey <device> <key file>. So what you tried is opening a file that is named like your new passphrase. Such a file of course (hopefully) doesn't exist.

Just omit the last parameter, i.e. sudo cryptsetup luksChangekey /dev/nvme0n1p3 and enter the new password when it asks you to.

[–] hellfire103@lemmy.ca 2 points 5 months ago (1 children)

Have you tried using GNOME Disk Utility?

[–] electro1@infosec.pub 1 points 5 months ago (2 children)

I have it installed, but I don't see the option 🤷‍♂️

[–] sloppy_diffuser@sh.itjust.works 2 points 5 months ago

Try clicking on the encrypted partition to get the passphrase option.

https://askubuntu.com/questions/95137/how-to-change-luks-passphrase

[–] hellfire103@lemmy.ca 1 points 5 months ago (1 children)

Here's how to find it: https://spectra.video/w/tbLNakrf2ncii4NrqJbwE8

[–] electro1@infosec.pub 2 points 5 months ago

OMG, thank youu.. It worked.. 🥳

[–] booooop@hexbear.net 2 points 5 months ago (1 children)

What is the output if you run sudo cryptsetup --verbose open --test-passphrase /dev/nvme0n1p3?

[–] electro1@infosec.pub 2 points 5 months ago (1 children)

It asks for the sudo password, then it prints

No usable token is available.

Then it asks : Enter passphrase for /dev/nvme0n1p3:

After entering my old passphrase it prints:

Key slot 0 unlocked
Command Successful.

[–] booooop@hexbear.net 2 points 5 months ago (1 children)

Alright so no permission issue, what if you run the changekey command in a separate bash subprocess? sudo bash -c '($your-changekey-command-here)'

[–] electro1@infosec.pub 2 points 5 months ago

Is it like the same first "cryptsetup luksChangekey..." But inside parentheses ? Im sure I'm getting the syntax wrong.. It prints

bash: line 1: -luksChangekey: command not found