Full Disk Encryption password not changed properly

As you may know, with OpenSUSE there are two times that you have to enter the passwort with full disk encryption: First at GRUB level just before the menu (to decrypt the boot partition) and then to boot the OS. If you enter the password incorrectly at GRUB level, it tells you that the disk could not be found and enters grub rescue mode.

I have changed the full disk encryption password with the “Disk” utility, but only for one partition, because that was the only one where “Change password” was available. It was the same password as before, just with one letter changed. I have typed it in twice correctly, checked the “Show password” checkbox to make sure again.

At first I was hesitant, because I feared that it might just change one of the two passwords, but then “df /boot” told be that the boot partition was on the LVM root partition, too (at least that is what I interpreted from the output).

Now rebooting the machine, I have typed in the password many different times with an external keyboard. I have tried the old password, which I know very well, and I have tried the new password, with just one letter changed. But now it always says that the disk can not be found. When entering rescue mode, I have typed it in again in many different forms, to make sure that I don’t usually mistype and that every key is working. And the keys work like they should. But the password is not accepted.

What could have gone wrong when changing the password like described? It’s a password with only english lower letters and spaces. The worst case would be that I forgot the password, but as described, I have taken countless measurements that it’s the correct one. Please don’t tell me all the data is gone.

EDIT: The lvmid of the disk that GRUB does not find seems to have changed, too, after changing the password. I assume this is usual behaviour.

I am not clear on what you did to change the password.

For LUKS encryption, the disk is actually encrypted with a random password, and then that random password is encrypted with the password that you give (and stored in the LUKS header).

For changing password, I would normally use:

cryptsetup luksAddKey "device"

This allows you to add a second key. The old key is still there as a fallback. Either key should then work. You can later delete the old key.

Since I don’t know what you actually did, I don’t know whether you have lost data.

That clearly would have been the smarter way to change the password. I am a bit wiser now.

Going down the rabbit hole of the source code of GNOME Disks (the used tool), I have verified that it is using crypt_keyslot_change_by_passphrase() and that it hence does change (not add) the password.

Am I out of luck now, or is there any predictable way in which GNOME Disks might have messed up the typed in password in conjunction with OpenSUSE?

What keyboard layout do you have? Grub only supports US English one. You can always boot any live Linux and change pass phrase or add another key.

I am using US English, but I have already tried to type like it was the German layout, just in case. No luck.

If you use a different US layout, there are characters that will not match when you type the password to log in.

There are two options (as far as I know):

Option1: when creating the password, use characters as if it were the US keyboard.
Option2: use only characters that are the same in the US layout and the one you normally use.

No, use only one layout.

Solved! GNOME Disks did everything right and I just discovered the typo by sheer luck.

I can only recommend to use luksAddKey together with luksRemoveKey as suggested by nrickert.

Thanks to everybody for the suggestions.