I checked the "encryption" checkbox in the Anaconda installer during CentOS 6 installation, which encrypts at the PV (Physical Volume) partition level.
Now, for some security reasons, I want to change the current encryption key.
Is there any way to do this?
Best Answer
The default encryption method uses LUKS, so issue:
to see how many slots you are currently using. Replace
/dev/sda
with the appropriate block device.Add a new key to a free slot using
cryptsetup luksAddKey
, check the possible options in thecryptsetup(8)
manpage.Afterwards, reboot and ensure you can access the machine using the new key. Then you can delete the old one (
cryptsetup luksRemoveKey
).