table of contents
CRYPTSETUP-LUKSREMOVEKEY(8) | Maintenance Commands | CRYPTSETUP-LUKSREMOVEKEY(8) |
NAME¶
cryptsetup-luksRemoveKey - remove the supplied passphrase from the LUKS device
SYNOPSIS¶
cryptsetup luksRemoveKey [<options>] <device> [<key file with passphrase to be removed>]
DESCRIPTION¶
Removes the supplied passphrase from the LUKS device. The passphrase to be removed can be specified interactively, as the positional argument or via --key-file.
<options> can be [--key-file, --keyfile-offset, --keyfile-size, --header, --disable-locks, --type, --timeout, --verify-passphrase].
WARNING: If you read the passphrase from stdin (without further argument or with '-' as an argument to --key-file), batch-mode (-q) will be implicitly switched on and no warning will be given when you remove the last remaining passphrase from a LUKS container. Removing the last passphrase makes the LUKS container permanently inaccessible.
OPTIONS¶
--type <device-type>
--verify-passphrase, -y
--key-file, -d name
If the name given is "-", then the passphrase will be read from stdin. In this case, reading will not stop at newline characters.
See section NOTES ON PASSPHRASE PROCESSING in cryptsetup(8) for more information.
--keyfile-offset value
--keyfile-size, -l value
This option is useful to cut trailing newlines, for example. If --keyfile-offset is also given, the size count starts after the offset.
--timeout, -t <number of seconds>
This option is useful when the system should not stall if the user does not input a passphrase, e.g. during boot. The default is a value of 0 seconds, which means to wait forever.
--header <device or file storing the LUKS header>
For commands that change the LUKS header (e.g. luksAddKey), specify the device or file with the LUKS header directly as the LUKS device.
--disable-locks
WARNING: Do not use this option unless you run cryptsetup in a restricted environment where locking is impossible to perform (where /run directory cannot be used).
--batch-mode, -q
If the --verify-passphrase option is not specified, this option also switches off the passphrase verification.
--debug or --debug-json
If --debug-json is used, additional LUKS2 JSON data structures are printed.
--version, -V
--usage
--help, -?
Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or in Issues project section <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.
Please attach output of the failed command with --debug option added.
SEE ALSO¶
Cryptsetup FAQ <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
CRYPTSETUP¶
Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.
2023-06-30 | cryptsetup 2.6.0 |