I tried the following
sudo cryptsetup luksChangekey /dev/nvme0n1p3 < new passphrase >
It then asks for the Sudo password, then asks for the old passphrase, but then it prints this error message
Failed to open key file.
what went wrong ?
Edit: turns out using GNOME Disks is way more straightforward… 😅, thank you all
Refer to the
cryptsetup-luksChangeKey
man page--key-file
options, you cannot change the password directly on a commandline; you either (a) type it interactively, (b) put it in a keyfile, or © accept input from STDIN with the standard use of-
on the end (e.g.echo "mypass" | cryptsetup luksChangeKey /dev/sda -
)The correct syntax is
cryptsetup luksChangeKey <device> <key file>
. So what you tried is opening a file that is named like your new passphrase. Such a file of course (hopefully) doesn’t exist.Just omit the last parameter, i.e.
sudo cryptsetup luksChangekey /dev/nvme0n1p3
and enter the new password when it asks you to.Have you tried using GNOME Disk Utility?
I have it installed, but I don’t see the option 🤷♂️
Try clicking on the encrypted partition to get the passphrase option.
https://askubuntu.com/questions/95137/how-to-change-luks-passphrase
Here’s how to find it: https://spectra.video/w/tbLNakrf2ncii4NrqJbwE8
OMG, thank youu… It worked… 🥳
What is the output if you run
sudo cryptsetup --verbose open --test-passphrase /dev/nvme0n1p3
?It asks for the sudo password, then it prints
No usable token is available.
Then it asks : Enter passphrase for /dev/nvme0n1p3:
After entering my old passphrase it prints:
Key slot 0 unlocked Command Successful.
Alright so no permission issue, what if you run the changekey command in a separate bash subprocess?
sudo bash -c '($your-changekey-command-here)'
Is it like the same first “cryptsetup luksChangekey…” But inside parentheses ? Im sure I’m getting the syntax wrong… It prints
bash: line 1: -luksChangekey: command not found