Created on: January 19, 2022
LUKS key management
adding and deleting keys
LUKS partitions can have up to eight keys, with each key stored in its own key slot.
Check key slots with
cryptsetup luksDump /dev/sdb1 | grep Slot
adding a new key (password)
cryptsetup luksAddKey /dev/sdb1
adding a new key (password) to a specific slot
cryptsetup luksAddKey /dev/sdb1 -S 5
Delete a passphrase. The passphrase that is provided will be deleted:
cryptsetup luksRemoveKey /dev/sdb1
Enter LUKS passphrase to be deleted:
Delete the key in a specific slot:
cryptsetup luksKillSlot /dev/sdb1 2
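An added example, not part of the original page: a shell helper that reads luksDump output and refuses to approve removing a slot when it is the last enabled one, so luksRemoveKey or luksKillSlot cannot leave the volume without a usable key. It handles the LUKS1 "Key Slot N: ENABLED" lines and the LUKS2 "Keyslots:" listing; the function names and both sample dumps are constructed for illustration.

```shell
# Added example: function names and sample dumps are constructed for illustration.

# Print enabled key slot numbers, one per line, from luksDump output on stdin.
luks_enabled_slots() {
    awk '
        # LUKS1 layout: "Key Slot 0: ENABLED" / "Key Slot 1: DISABLED"
        /^Key Slot [0-9]+: ENABLED/ { sub(":", "", $3); print $3; next }
        # LUKS2 layout: "  0: luks2" entries under the "Keyslots:" section
        /^Keyslots:/                { in_ks = 1; next }
        /^[^ \t]/                   { in_ks = 0 }
        in_ks && /^[ \t]+[0-9]+: /  { sub(":", "", $1); print $1 }
    '
}

# Succeed only if SLOT is enabled and at least one other slot stays enabled,
# so removing it cannot leave the volume without a usable key.
luks_safe_to_kill() {
    slot=$1
    slots=$(luks_enabled_slots)          # consumes the dump from stdin
    echo "$slots" | grep -Fqx "$slot" || return 1
    [ "$(echo "$slots" | grep -c .)" -ge 2 ]
}

# Constructed sample, LUKS1 layout (trimmed): slots 0 and 7 enabled.
sample_luks1() { cat <<'EOF'
Version:        1
Key Slot 0: ENABLED
    Iterations:     1000000
Key Slot 1: DISABLED
Key Slot 7: ENABLED
EOF
}

# Constructed sample, LUKS2 layout (trimmed): only slot 3 enabled.
sample_luks2() { cat <<'EOF'
Version:        2
Keyslots area:  16744448 [bytes]
Keyslots:
  3: luks2
    Priority:   normal
Tokens:
Digests:
  0: pbkdf2
    Keyslots:    3
EOF
}

sample_luks1 | luks_safe_to_kill 7 && echo "slot 7: safe to remove"
sample_luks2 | luks_safe_to_kill 3 || echo "slot 3: last key, keep it"
```

On a real device the check chains in front of the removal: `cryptsetup luksDump /dev/sdb1 | luks_safe_to_kill 2 && cryptsetup luksKillSlot /dev/sdb1 2`.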
adding key files
adding a keyfile
cryptsetup luksAddKey /dev/sdb1 keyfile
testing keys
testing without specifying keyslot
root@idoru:/# cryptsetup --verbose open --test-passphrase /dev/sda3
Enter passphrase for /dev/sda3:
Key slot 7 unlocked.
Command successful.
root@idoru:/#
testing a specific keyslot
root@idoru:/# cryptsetup --verbose open --test-passphrase --key-slot 7 /dev/sda3
Enter passphrase for /dev/sda3:
Key slot 7 unlocked.
Command successful.
root@idoru:/#