Ubuntu: How to change the password of an encrypted LVM system (done with the alternate Installation)?


I installed Ubuntu 11.10 with the alternate CD and encrypted the whole system (except boot) with the encrypted LVM. Everything works great as before, but I would like to change the password of the encrypted LVM. I tried to follow the Tips and Tricks of this article, but it does not work. After typing:

sudo cryptsetup luksDump /dev/sda5  

It says: "Device /dev/sd5 doesn't exist or access denied." I thought the encrypted partition is /dev/sda5. Any help how to change the password?


Here is the answer that worked for me, after Hamish helped me to realize my typo:

To add a new password, use luksAddKey:

sudo cryptsetup luksAddKey /dev/sda5  

To remove an existing password, use luksRemoveKey:

sudo cryptsetup luksRemoveKey /dev/sda5  

Cited from this blog. Thanks.


Download "Disks" from Software Manager. Run it. Select your encrypted device partition. Click gear icon. Select "Change passphrase". That's it


The encrypted partition may well be using /dev/sda5 (note the a in sda5) and that is the device you probably need to use (unless that is just a typo in your question).

However the encrypted device itself will have another name - something like /dev/mapper/cryptroot. For the device name you could:

  • look in the file /etc/crypttab - this will have both the partition and the mapper name in it, but only for permanent partitions
  • run mount and see what the mapper name is - this is useful when you have plugged in an encrypted disk via USB. (Though I'm not sure how you then find the actual underlying device name).


Without thinking I set the passphrase to be really long, and it became a pain to type. I ended up using the following to change it to something more manageable.

sudo cryptsetup luksChangeKey /dev/sda5  


To see the slots used:

sudo cryptsetup luksDump /dev/sda5  

And to find out which partition to use

cat /etc/crypttab  

And if it is listed by uuid, use

ls -l /dev/disk/by-uuid/{insert your uuid here}  

Then use

sudo cryptsetup luksAddKey /dev/sda5  sudo cryptsetup luksRemoveKey /dev/sda5  


sudo cryptsetup luksChangeKey /dev/sda5  

and for faster reference (assuming only 1 entry in /etc/crypttab)

sudo cryptsetup luksAddKey /dev/disk/by-uuid/$(cat /etc/crypttab | sed -e "s|\(.*\) UUID=\(.*\) none.*|\2|g")  sudo cryptsetup luksChangeKey /dev/disk/by-uuid/$(cat /etc/crypttab | sed -e "s|\(.*\) UUID=\(.*\) none.*|\2|g")  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »