cryptsetup-luksConvertKey - Linux
Overview
cryptsetup-luksConvertKey is a command-line tool that converts a LUKS (Linux Unified Key Setup) encrypted partition from one passphrase to another. It allows users to change the encryption key used to access the partition without losing data.
Syntax
cryptsetup-luksConvertKey [-d] [-DKRYPT_KEY] [-L LIST] <device> <new_passphrase>
Options/Flags
- -d: Dry run mode. This option validates the conversion without actually performing it.
- -DKRYPT_KEY: Specify the current passphrase or keyfile.
- -L LIST: Lists available LUKS headers on the device.
Examples
Simple passphrase conversion:
cryptsetup-luksConvertKey /dev/sda2 "new_passphrase"
Complex passphrase conversion with a keyfile:
cryptsetup-luksConvertKey -DKRYPT_KEY=keyfile.bin /dev/sda2 "new_passphrase"
Dry run mode:
cryptsetup-luksConvertKey -d /dev/sda2 "new_passphrase"
Common Issues
- Incorrect passphrase: Ensure the current passphrase is correct or provide the correct keyfile.
- Luks header not found: Make sure the device specified has a valid LUKS header.
Integration
Use with other commands:
- cryptsetup: Perform other LUKS-related operations, such as opening, closing, or changing the LUKS header.
- fdisk: View or modify partition tables.
Scripting:
Convert LUKS keys programmatically by incorporating cryptsetup-luksConvertKey
into shell scripts.
Related Commands
- luks-change-key: Alternative tool for changing LUKS encryption keys.
- LUKS1: Older encryption format supported by
cryptsetup
.