Back to article
Protecting Data with Encrypted Linux Partitions Part 2
Adding Your Own Back Door
June 21, 2007
Last week we learned how to create and use an encrypted, password-protected hard-drive partition using
You may add up to seven passwords to your encrypted partition. While you shouldn't go too crazy, having a second password could save you if you ever lose your first password. Or maybe you need to ensure that you always have access to your users' data. The encrypted partition must be unmounted and closed first. These examples use the partition we created in Part 1:
# umount crypted # cryptsetup luksClose sda2
Then run the
# cryptsetup luksAddKey /dev/sda2 Enter any LUKS passphrase: key slot 1 unlocked. Enter new passphrase for key slot: Verify passphrase: Command successful.
Then you can try out your new password:
# cryptsetup luksOpen /dev/sda2 sda2 Enter LUKS passphrase: key slot 1 unlocked. Command successful.
You now have two keys slots, 0 and 1.
Removing a password is done with this command:
# cryptsetup luksDelKey /dev/sda2 1 Enter any remaining LUKS passphrase: key slot 2 unlocked. Command successful.