cryptsetup-luksConvertKey - Linux

Overview

cryptsetup-luksConvertKey is a command-line tool that converts a LUKS (Linux Unified Key Setup) encrypted partition from one passphrase to another. It allows users to change the encryption key used to access the partition without losing data.

Syntax

cryptsetup-luksConvertKey [-d] [-DKRYPT_KEY] [-L LIST] <device> <new_passphrase>

Options/Flags

• -d: Dry run mode. This option validates the conversion without actually performing it.
• -DKRYPT_KEY: Specify the current passphrase or keyfile.
• -L LIST: Lists available LUKS headers on the device.

Examples

Simple passphrase conversion:

cryptsetup-luksConvertKey /dev/sda2 "new_passphrase"

Complex passphrase conversion with a keyfile:

cryptsetup-luksConvertKey -DKRYPT_KEY=keyfile.bin /dev/sda2 "new_passphrase"

Dry run mode:

cryptsetup-luksConvertKey -d /dev/sda2 "new_passphrase"

Common Issues

• Incorrect passphrase: Ensure the current passphrase is correct or provide the correct keyfile.
• Luks header not found: Make sure the device specified has a valid LUKS header.

Integration

Use with other commands:

• cryptsetup: Perform other LUKS-related operations, such as opening, closing, or changing the LUKS header.
• fdisk: View or modify partition tables.

Scripting:

Convert LUKS keys programmatically by incorporating cryptsetup-luksConvertKey into shell scripts.

Related Commands

• luks-change-key: Alternative tool for changing LUKS encryption keys.
• LUKS1: Older encryption format supported by cryptsetup.