ranloe
June 4th, 2018, 07:21 PM
This is a problem I encountered when trying to change the password for my encrypted luks partitions (system & data) created with the ManualFullSystemEncryption guide by Paddy Landau (https://help.ubuntu.com/community/ManualFullSystemEncryption). my setup is slightly different than the one illustrated in the guide, and I have had custom instructions from paddy before in the following thread: https://ubuntuforums.org/showthread.php?t=2357978
I am running a laptop with dual boot Ubuntu 16.04 and Windows 10. I fully encrypted the ubuntu part using the above mentioned guide and have been using this setup successfully for over a year. Today I wanted to change the password for my Ubuntu Encryption. I did the following:
I booted into my pc using a LIVE usb with ubuntu on it. I then opened Gparted to see the names (e.g. sda1) of my "system" and "data" partition. I did what follows for each partition:
I ran `sudo cryptsetup luksDump "partitionname"` which showed me that both Slot 0 and Slot 1 were ENABLED. I proceeded with `sudo cryptsetup luksAddKey "partitionname"` which filled up Slot 2. Next, I deleted Slot 0 and 1 with `sudo cryptsetup luksKillSlot "partitionname" "slotnumber"`. luksDump now showed 0 and 1 DISABLED and only slot 2 ENABLED. On the LIVE usb i could now unlock both partitions with my new password, and that one only. I then rebooted and removed the LIVE usb, but when enterening the new password on the usual 'unlock encrypted volume' screen, the new password doesn't work.
I then went back to study the ManualFullSystemEncryption guide to find out if there could be a clue there and sure enough, under 7.1.1 - 2. on https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessPartitionFormatEncrypt was written the following: "(At this point, the system will allow you to add up to eight users, but you must leave one free, because it is used later in these instructions.)"
this message is given after a luks encryption password has alrdy been created under 7.1 and I believe that the slot that is referred to as being "used later in these instructions" is the one filled in point "3. Create key files" on this page: https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessFixBrokenPieces
To summarize, I believe the booting process set up using the ManualFullSystemEncryption guide needs 2 passwords, set up during the guide. However, I broke the booting process by deleting both the one i was actively entering each time when booting (also being the one i set manually during the booting process) and the one that was created with `sudo cryptsetup luksAddKey /dev/sdA5 /mnt/root/etc/crypt.system` (under "3. Create key files").
Thank you for your time and consideration.
I am running a laptop with dual boot Ubuntu 16.04 and Windows 10. I fully encrypted the ubuntu part using the above mentioned guide and have been using this setup successfully for over a year. Today I wanted to change the password for my Ubuntu Encryption. I did the following:
I booted into my pc using a LIVE usb with ubuntu on it. I then opened Gparted to see the names (e.g. sda1) of my "system" and "data" partition. I did what follows for each partition:
I ran `sudo cryptsetup luksDump "partitionname"` which showed me that both Slot 0 and Slot 1 were ENABLED. I proceeded with `sudo cryptsetup luksAddKey "partitionname"` which filled up Slot 2. Next, I deleted Slot 0 and 1 with `sudo cryptsetup luksKillSlot "partitionname" "slotnumber"`. luksDump now showed 0 and 1 DISABLED and only slot 2 ENABLED. On the LIVE usb i could now unlock both partitions with my new password, and that one only. I then rebooted and removed the LIVE usb, but when enterening the new password on the usual 'unlock encrypted volume' screen, the new password doesn't work.
I then went back to study the ManualFullSystemEncryption guide to find out if there could be a clue there and sure enough, under 7.1.1 - 2. on https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessPartitionFormatEncrypt was written the following: "(At this point, the system will allow you to add up to eight users, but you must leave one free, because it is used later in these instructions.)"
this message is given after a luks encryption password has alrdy been created under 7.1 and I believe that the slot that is referred to as being "used later in these instructions" is the one filled in point "3. Create key files" on this page: https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessFixBrokenPieces
To summarize, I believe the booting process set up using the ManualFullSystemEncryption guide needs 2 passwords, set up during the guide. However, I broke the booting process by deleting both the one i was actively entering each time when booting (also being the one i set manually during the booting process) and the one that was created with `sudo cryptsetup luksAddKey /dev/sdA5 /mnt/root/etc/crypt.system` (under "3. Create key files").
Thank you for your time and consideration.