HDD encryption passphrase

I recently acquired a new laptop after my old one passed away. I’m pretty new to openSUSE, so this was my second installation of it. When I set up the partitions I opted for encryption of my home folder, which I did not do on my rather hasty first installation and entered a complex passphrase which I immediately wrote down. Based on my experience with disk encryption on other GNU/Linux distros, I naively assumed that I would not have to enter the passphrase unless I was accessing the hard drive outside of the OS. I was wrong.

The passphrase as it is is not possible to memorize, so I am forced to carry the passphrase with me everywhere; significantly weakening the value of encryption. My question is: can I change the passphrase without re-partitioning?


First a bit of perspective. Your partition is actually encrypted with a completely random key.

The key that you provided was used to encrypt the random key used for the actual encryption.

You can use:

cryptsetup luksAddkey ... other options

to add an additional key. That re-encrypts the random key with a new user-provided key. You can later remove the original key, or just leave it there.

man cryptsetup

will fill in the details for you.

That worked, thanks