Cryptsetup shows two keys, but I only have set one?

Melc · 24 February 2023 14:21

Hello there

About a week ago I setup Manjaro Linux in dualboot mode for my mobile device (Worst Linux installation of my life, but that’s another story). And as one should encrypt their mobile devices, I did that during the installation in callamares

Today I realized, that I want to change my password. Therefore I found Change LUKS encryption password - Change LUKS encryption password - TUXEDO Computers (thanks for Change the encryption password - #2 by mithrial) and was a bit digging in my system. So I issued sudo cryptsetup luksDump /dev/sdb2. And then I got the desired output. And inspecting it I’ve seen something off:
There are two Key Slots enabled (0,1) But I only set one password! Using cryptsetup --verbose open --test-passphrase /dev/sdb2 I found that my Key is in Slot 0.

Therefore I’m asking the following question: Is this the desired behavior by the developers? Is a bug known that does that? Am I the only one finding that suspicious?

Thank you for your inputs in advance.

fasto · 24 February 2023 19:43

It seems that if you are using one key to unlock multiple partitions, Calamares will generate a second key for convenience. The second key is stored in encrypted form behind the first key, so it is safe. If you are only encrypting a single partition, though, this does not apply and the cause is something else.

Melc · 3 March 2023 16:54

Thank you @fasto . That answers my question!

system · 6 March 2023 06:54

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.