Hello Nick, Nick Boyce <[email protected]> wrote: > On Tuesday 26 Jun 2012 10:47:50 Claudius Hubig wrote: > > > If you do luksAddKey, you’ll have to enter one of the old > > passphrases. After that, you can try unlocking the volume with the > > new passphrase. If that succeeds, you can use luksKillSlot to remove > > the first slot. > > luksDelKey or luksKillSlot ? > I don't yet understand the relationship between them, nor when it is > necessary > to "kill a key slot".
Neither do I and the manpage doesn’t make that very clear either.
> Um ... I'd have to be in single-user mode then I guess ... assuming there's
> even enough software in /boot (and/or the initramfs) to fiddle with unmounted
> encrypted root filesystems.
Then first add the new key, reboot, check if the new key works, and
then delete the old one. That should work. I don’t think the
cryptsetup contained in the initramfs can do all that.
Best regards,
Claudius
--
"I say we take off; nuke the site from orbit. It's the only way to be sure."
-- Corporal Hicks, in "Aliens"
http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature
