Re-encrypting a volume from clear key to secure key

You can re-encrypt a volume that had previously been encrypted with a clear key, with a new secure key.

This topic presents two use cases where a re-encryption with a secure key is desired for volumes that have been encrypted with a clear key only:

  • You might have a volume that is encrypted with a clear key in LUKS1 or in plain mode, which you now want to encrypt with a secure key (see Re-encrypting from clear key to secure key onto a new volume). In this scenario, you need a new separate volume. The LUKS2 format is applied to the new volume.

In both use cases it is your goal to provide enhanced security that is applied by secure keys in contrast to the previously used clear keys.