Reencrypt your NinjaStik
Each time you make a new NinjaStik you will need to reencrypt to change the encryption keys. Shared encryption keys compromise the security. Apologies for the understatement.
The NinjaStik has a common encryption key as it originates from a single image.
The reencryption tool is nothing more than a basic ubuntu operating system with a command line interface. We need a separate operating system to run the reencryption command as it is best not run it from inside it’s own system. Imagine trying to change the lock on your car, whilst driving it on the highway. The reencryption system provides us a tool to change the encryption keys while the system is not running.
Boot your NinjaStik but select Reencrypt instead of NinjaStik at boot.
After a moment of black screen, some boot text and the ubuntu logo, you get to the reencrypt login.
The login is ‘user’ and the password is ‘password’.
The main commands you need are already preloaded into the history. Simply tap the UP cursor key to see them.
Tap up until you see ‘sudo f-disk -l’ and hit Enter.
The drive on a standard NinjaStik installation is /dev/sda6
Tap the UP cursor key until you see the ‘sudo cryptsetup-reencrypt -B 32 -c aes-xts-plain64 /dev/sda6’ command and hit Enter.
Type in the current encryption passphrase and hit enter.
The system will reencrypt the drive, you’ll see a % done and ETA as well.
_When done it will return to the command prompt.
To shutdown, type ‘sudo halt’
Reminder: You must do this for every NinjaStik you make. Even the first one. Otherwise you’ve got one key-ring to rule them all and that never works out well… Always seems to result in travel to unwelcome places.