💾 Archived View for jacksonchen666.com › posts › 2023-08-09 › 17-17-59 › index.gmi captured on 2024-02-05 at 09:45:30. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-04)
-=-=-=-=-=-=-
2023-08-09 17:17:59Z
Let's say you have a storage device with LUKS on it. You want to change the parameters, but not the password itself. How I would do is like this:
1. Create a temporary key-slot to your container
2. Remove the key-slot you want to change
3. Recreate the key into the just removed key-slot
4. Remove the temporary key-slot
This prevents your LUKS container from turning completely encrypted from everyone (including you), and also works around `cryptsetup luksChangeKey` not accepting the same password[^repeat]. It would also ask for your password more than once, which is a bit too many times.
(On cryptsetup not accepting the same password on luksChangeKey: I've been unable to verify that statement in Alpine Linux. It might be related to password qualities and I don't think that's well enforced on Alpine Linux.)
However, there is a much simpler method:
1. Use `cryptsetup luksConvertKey`
That's it. It does pretty much the same thing (except when you're out of free slots) where you use a temporary key, replace the slot, and remove the temporary key.