# GELI change passphrase



## luckylinux (Feb 16, 2013)

I researched this topic a bit but it seems that it's only possible to use geli setkey -K to change keys and not passphrase(s).
Any idea how to do the latter (other than recreate another encrypted RAID with the new password and copy data from the old one)?


----------



## fonz (Feb 16, 2013)

Are you currently using a keyfile, a passphrase or both? The *-K* option specifies a keyfile _and_ a passphrase (unless you use *-P* to disable the passphrase component). You probably just need `# geli setkey /dev/[i]something[/i]`
The geli(8) man page clearly lists the options.


----------



## luckylinux (Feb 16, 2013)

fonz said:
			
		

> Are you currently using a keyfile, a passphrase or both? The *-K* option specifies a keyfile _and_ a passphrase (unless you use *-P* to disable the passphrase component). You probably just need `# geli setkey /dev/[i]something[/i]`
> The geli(8) man page clearly lists the options.



Currently I'm just using a passphrase (no keyfile at all).
The man page doesn't provide any example on how to change passphrase (but it does on how to change the keyfile).
Since there was no option for geli setkey on how to change passphrase I assumed it wasn't possible. 

So after having run
`# geli setkey /dev/[i]something[/i]`
I should be prompted twice for the (new) passphrase?


----------



## fonz (Feb 16, 2013)

luckylinux said:
			
		

> So after having run
> `# geli setkey /dev/[i]something[/i]`
> I should be prompted twice for the (new) passphrase?


Yep. When currently using a passphrase and wanting to simply set a new passphrase, the above should suffice. It will prompt you for the new passphrase twice and it will prompt you for the current passphrase first *if* the device in question isn't currently attached. If it is, you're not asked for the old passphrase.


----------



## luckylinux (Feb 16, 2013)

fonz said:
			
		

> Yep. When currently using a passphrase and wanting to simply set a new passphrase, the above should suffice. It will prompt you for the new passphrase twice and it will prompt you for the current passphrase first *if* the device in question isn't currently attached. If it is, you're not asked for the old passphrase.




Good to know. Many thanks. Marking this thread as solved


----------

