Devices encrypted with luks support more than one passphrase. Here an example with a normal 5MB file. Just replace the “crypt_file.img” with /dev/sdX or whatever device you have encrypted.

user@host:~$ dd if=/dev/urandom bs=5M count=1 of=crypt_file.img
1+0 records in
1+0 records out
5242880 bytes (5.2 MB) copied, 0.507585 s, 10.3 MB/s

sudo cryptsetup luksFormat crypt_file.img
WARNING!
========
This will overwrite data on crypt_file.img irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: fancypass
Verify passphrase: fancypass

The password is not actually shown in your terminal. We now have an encrypted volume with password “fancypass”.

user@host:~$ sudo cryptsetup luksAddKey crypt_file.img
Enter any passphrase: foobar
No key available with this passphrase.

user@host:~$ sudo cryptsetup luksAddKey crypt_file.img
Enter any passphrase: fancypass
Enter new passphrase for key slot: foobar
Verify passphrase: foobar2

It is now possible to open the encrypted crypt_file.img with the passwords “foobar” and “fancypass”. The following will delete keyslot 0, which would be “fancypass”.

user@host:~$ sudo cryptsetup luksKillSlot crypt_file.img 0

You can get more information about the used keyslots via:

user@host:~$ sudo cryptsetup luksDump crypt_file.img