GELI change passphrase

L

luckylinux

I researched this topic a bit but it seems that it's only possible to use geli setkey -K to change keys and not passphrase(s).
Any idea how to do the latter (other than recreate another encrypted RAID with the new password and copy data from the old one)?
 
Are you currently using a keyfile, a passphrase or both? The -K option specifies a keyfile and a passphrase (unless you use -P to disable the passphrase component). You probably just need # geli setkey /dev/[i]something[/i]
The geli(8) man page clearly lists the options.
 
fonz said:
Are you currently using a keyfile, a passphrase or both? The -K option specifies a keyfile and a passphrase (unless you use -P to disable the passphrase component). You probably just need # geli setkey /dev/[i]something[/i]
The geli(8) man page clearly lists the options.
Click to expand...

Currently I'm just using a passphrase (no keyfile at all).
The man page doesn't provide any example on how to change passphrase (but it does on how to change the keyfile).
Since there was no option for geli setkey on how to change passphrase I assumed it wasn't possible.

So after having run
# geli setkey /dev/[i]something[/i]
I should be prompted twice for the (new) passphrase?
 
luckylinux said:
So after having run
# geli setkey /dev/[i]something[/i]
I should be prompted twice for the (new) passphrase?
Click to expand...
Yep. When currently using a passphrase and wanting to simply set a new passphrase, the above should suffice. It will prompt you for the new passphrase twice and it will prompt you for the current passphrase first if the device in question isn't currently attached. If it is, you're not asked for the old passphrase.
 
fonz said:
Yep. When currently using a passphrase and wanting to simply set a new passphrase, the above should suffice. It will prompt you for the new passphrase twice and it will prompt you for the current passphrase first if the device in question isn't currently attached. If it is, you're not asked for the old passphrase.
Click to expand...


Good to know. Many thanks. Marking this thread as solved ;)
 
You must log in or register to reply here.
Back
Top