HDD encryption passphrase

Assiniboine · March 19, 2014, 4:14pm

I recently acquired a new laptop after my old one passed away. I’m pretty new to openSUSE, so this was my second installation of it. When I set up the partitions I opted for encryption of my home folder, which I did not do on my rather hasty first installation and entered a complex passphrase which I immediately wrote down. Based on my experience with disk encryption on other GNU/Linux distros, I naively assumed that I would not have to enter the passphrase unless I was accessing the hard drive outside of the OS. I was wrong.

The passphrase as it is is not possible to memorize, so I am forced to carry the passphrase with me everywhere; significantly weakening the value of encryption. My question is: can I change the passphrase without re-partitioning?

nrickert · March 19, 2014, 5:05pm

Yes.

First a bit of perspective. Your partition is actually encrypted with a completely random key.

The key that you provided was used to encrypt the random key used for the actual encryption.

You can use:


cryptsetup luksAddkey ... other options

to add an additional key. That re-encrypts the random key with a new user-provided key. You can later remove the original key, or just leave it there.


man cryptsetup

will fill in the details for you.

Assiniboine · March 25, 2014, 3:13am

That worked, thanks

nrickert:

Yes.

First a bit of perspective. Your partition is actually encrypted with a completely random key.

The key that you provided was used to encrypt the random key used for the actual encryption.

You can use:
cryptsetup luksAddkey ... other options
to add an additional key. That re-encrypts the random key with a new user-provided key. You can later remove the original key, or just leave it there.
man cryptsetup
will fill in the details for you.