[dm-crypt] Can you change the cipher without destroying your data

Michael Kjörling michael at kjorling.se
Fri Dec 18 22:34:27 CET 2015

On 18 Dec 2015 14:13 -0500, from doark at mail.com (David Niklas):
> I have a LUKS partition, aes-xts-plain64.
> I wanted to change it, can I?
> I can unmount the drive and do this, I'm not talking hot change here.

I believe this is exactly what cryptsetup-reencrypt was designed to
do. That tool is available in cryptsetup 1.5.0 and up.



And yes, the reencryption is an offline operation.

And you really, _REALLY_ want to have a fresh backup of your data
before you even think about doing it.

But just out of curiosity, why do you want to migrate away from
aes-xts-plain64? I've said it before; that is the default for a

Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

More information about the dm-crypt mailing list