cryptsetup/man/cryptsetup-luksAddKey.8.adoc

= cryptsetup-luksAddKey(8)
:doctype: manpage
:manmanual: Maintenance Commands
:mansource: cryptsetup {release-version}
:man-linkstyle: pass:[blue R < >]
:COMMON_OPTIONS:
:ACTION_LUKSADDKEY:

== Name

cryptsetup-luksAddKey - add a new passphrase

== SYNOPSIS

*cryptsetup _luksAddKey_ [<options>] <device> [<key file with new key>]*

== DESCRIPTION

Adds a new passphrase. An existing passphrase must be supplied
interactively or via --key-file. The new passphrase to be added can be
specified interactively or read from the file given as the positional
argument.

*NOTE:* with --unbound option the action creates new unbound LUKS2
keyslot. The keyslot cannot be used for device activation. If you don't
pass new key via --volume-key-file option, new random key is generated.
Existing passphrase for any active keyslot is not required.

*NOTE:* some parameters are effective only if used with LUKS2 format
that supports per-keyslot parameters. For LUKS1, PBKDF type and hash
algorithm is always the same for all keyslots.

*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
--new-keyfile-offset, --new-keyfile-size, --key-slot, --volume-key-file,
--force-password, --hash, --header, --disable-locks, --iter-time,
--pbkdf, --pbkdf-force-iterations, --pbkdf-memory, --pbkdf-parallel,
--unbound, --type, --keyslot-cipher, --keyslot-key-size, --key-size,
--timeout, --verify-passphrase].

include::man/common_options.adoc[]
include::man/common_footer.adoc[]