Safest way to change password for volume

[brainchild0]

I understand that once a password is changed for a volume, the old one may not be used to open it.

Thus, the operation of changing a password is risky. Any problem with the entry of the desired password may make the volume inaccessible.

I understand that a master key may be used for recovery, but also that it may not be extracted from an existing repository, only recorded at the time of its creation.

Thus, it seems there is no good method for changing passwords with a high degree of safety.

I only think of further options as migrating content to a fresh volume set with the new password, by copying the plaintext content while both are open, or by copying the cypher volume as a backup before changing the password.

Are better options available?

[rfjakob]

Hi, two options:

1. You can extract the masterkey using gocryptfs-xray: https://github.com/rfjakob/gocryptfs/blob/master/Documentation/MANPAGE-XRAY.md#decrypt-and-show-master-key

2. Create a copy of gocryptfs.conf. If anything goes wrong when changing the password, you can restore it (overwrite the new one with the old one).