Hello Nick, Nick Boyce <nick@glimmer.adsl24.co.uk> wrote: > On Tuesday 26 Jun 2012 10:47:50 Claudius Hubig wrote: > > > If you do luksAddKey, you’ll have to enter one of the old > > passphrases. After that, you can try unlocking the volume with the > > new passphrase. If that succeeds, you can use luksKillSlot to remove > > the first slot. > > luksDelKey or luksKillSlot ? > I don't yet understand the relationship between them, nor when it is necessary > to "kill a key slot". Neither do I and the manpage doesn’t make that very clear either. > Um ... I'd have to be in single-user mode then I guess ... assuming there's > even enough software in /boot (and/or the initramfs) to fiddle with unmounted > encrypted root filesystems. Then first add the new key, reboot, check if the new key works, and then delete the old one. That should work. I don’t think the cryptsetup contained in the initramfs can do all that. Best regards, Claudius -- "I say we take off; nuke the site from orbit. It's the only way to be sure." -- Corporal Hicks, in "Aliens" http://chubig.net telnet nightfall.org 4242
Attachment:
signature.asc
Description: PGP signature