Assuming you are using the live, desktop CD:
Mount your crypt
This assumes your crypt is called crypt, the physical partition is /dev/sda1, and the root partition in /dev/mapper is called root; adjust accordingly to your setup.
Boot the live (Desktop) CD and install lvm2 and cryptsetup.
sudo apt-get update && sudo apt-get install lvm2 cryptsetup
Load the cryptsetup module.
sudo modprobe dm-crypt
Decrypt your file system.
sudo cryptsetup luksOpen /dev/sda1 crypt
Get the live CD to recognize (activate) your LVM.
sudo vgscan --mknodes
sudo vgchange -ay
You can now access / mount the crypt
sudo mkdir /media/crypt_root
sudo mount /dev/mapper/root /media/crypt_root
Installing into the encrypted partition
I have not done this manually from an Ubuntu live CD and honestly I am not sure it will work, sort of depends on how much you already know, and how much I forget. This is going to be a long post, so I may not cover each and every detail ;).
You can try running the graphical installer and try to use /dev/mapper/root as your root ( / ) partition. You will need to unmount it first.
If that fails, you can install the long way with chroot.
Installing into a chroot is fairly easy, you need to make any other partitions you are using, including /boot (you already have), swap, and if you so desire /home.
You then install a base system with debootstrap, use /media/crypt_root as the chroot.
Typing all the commands for a chroot is going to be too long for an already long post, but DebootstrapChroot will walk you through how to do this step-by-step.
After installing the base with debootstrap, we will chroot in and install / configure the rest.
Note: After following the above link, you should have configured the chroot, /media/crypt_root, including resolv.conf, and you should have proc, sys, and dev mounted in the chroot. All that is covered, but just making sure ;)
sudo -i
# mount your boot partition in the chroot
mount /dev/sda2 /media/crypt_root/boot
# mount home also if you have a separate home
# If you do not have a separate home, skip this
mount /dev/your_home_partition /media/crypt_root/home
chroot /media/crypt_root
RUN THESE COMMANDS IN THE CHROOT
apt-get install ubuntu-desktop lvm2 cryptsetup linux-generic grub2
# Add and configure your user
useradd your_user
passwd your_user
usermod -a -G admin,users your_user
Configure the chroot. You will need to edit /etc/fstab, /etc/crypttab
In /etc/crypttab define your crypt
crypt /dev/sda1 none luks
In /etc/fstab make sure you define your partitions, swap, etc
/dev/mapper/root / ext4 defaults,errors=remount-ro 0 1
MAKE SURE YOUR FSTAB IS COMPLETE, including swap, proc, home (if you use a separate home), tmpfs, etc. Use the live desktop cd as a template if needed.
Exit the chroot
exit
EXIT Chroot
You now need to install grub, run this command from the live CD
sudo grub-install --root-directory=/media/crypt_root /dev/sda
That is about it, I do not think I forgot anything major. I can not fill in all the details of all your partitions as I do not know your layout and do not know how much or how little you know about /etc/fstab.
If you need further assistance or I forgot something post back or perhaps someone will chime in.
If all this seems overwhelming, well that is why people use the alternate CD, it automates the process.
Additional references:
http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS
https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS
Those links will have gentoo and arch specific information, which you can ignore as you are on Ubuntu. But they contain more detailed descriptions on how to set up LVM and your crypt, including examples of crypttab and fstab.
Hope that helps.
Best Answer
Using the Disks application:
In Ubuntu 18.04 or newer there is the possibility of using (Gnome) Disks. Thanks for the hint, Greg Lever, after clicking around I found what Greg mentioned:
1. Open Gnome Disks.
2. Choose/Click on the main physical hard drive in the left panel.
3. Click on the LUKS encrypted partition, in this example it is Partition 3:
4. Click on the edit icon (cogs, gear wheels) and choose "Change Passphrase".
Or... using the command-line:
Here is the answer that worked for me, after Hamish helped me to realize my typo.
WARNING (for older Ubuntu versions, newer (e.g. 19.04) should be bug-fixed but be careful anyway): If you only have one key and remove it before adding another, you will render your disk inaccessible after rebooting! This also means you can not add a new key anymore afterwards. Thanks waffl and khaimovmr for these helpful comments.
First, you need to find out which is the encrypted LVM partition, it may be sda3, but it can also be sda5 (default on Ubuntu LVM), sdX2, ...:
To add a new password, use luksAddKey:
To remove an existing password, use luksRemoveKey:
View currently used slots of the encrypted partition:
Cited from this blog. Thanks.
Be aware: Flimm experienced that Ubuntu's system keyboard layout changed from Dvorak to Qwerty. You cannot see which keyboard layout you are using (bug #1862656) and you cannot choose to display the password (bug #1862654). Also, you only get three tries before being forced to wait for 60 seconds (bug #1862660). Thanks flimm for the helpful comment!
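The add-then-remove order behind the warning in the answer above, as an added example that is not part of the original answer: it adds the new key, proves it unlocks the volume, and refuses to remove a key unless at least two keyslots are active. The function names and the sample luksDump text are constructed for illustration; the device path is whatever your setup uses.

```shell
#!/bin/sh
# Added example (not from the original answer): rotate a LUKS passphrase so the
# volume is never left without a working key. The device path is an assumption.

# Count active keyslots in `cryptsetup luksDump` output on stdin.
# LUKS1 prints "Key Slot N: ENABLED"; LUKS2 lists "  N: luks2" under "Keyslots:".
count_keyslots() {
  awk '
    /^Key Slot [0-9]+: ENABLED/ { n++ }
    /^Keyslots:/                { in_ks = 1; next }
    /^[A-Za-z]/                 { in_ks = 0 }
    in_ks && /^  [0-9]+: luks2/ { n++ }
    END                         { print n + 0 }'
}

# Removing a key is only safe while at least one other key remains.
safe_to_remove() { [ "$1" -ge 2 ]; }

# Constructed, trimmed sample dumps so the parser can be checked offline.
sample_luks1() { printf '%s\n' 'Version:        1' \
  'Key Slot 0: ENABLED' 'Key Slot 1: DISABLED' 'Key Slot 2: ENABLED'; }
sample_luks2() { printf '%s\n' 'Version:        2' 'Keyslots:' '  0: luks2' \
  '    Key:        512 bits' 'Tokens:' 'Digests:' '  0: pbkdf2'; }

rotate_passphrase() {
  dev=$1
  cryptsetup isLuks "$dev" || { echo "$dev is not a LUKS device" >&2; return 1; }
  # Prompts for an existing passphrase, then the new one twice.
  cryptsetup luksAddKey "$dev" || return 1
  # Enter the NEW passphrase here: verifies it unlocks without mapping the device.
  cryptsetup open --test-passphrase "$dev" || return 1
  slots=$(cryptsetup luksDump "$dev" | count_keyslots)
  if ! safe_to_remove "$slots"; then
    echo "only $slots active keyslot(s); refusing to remove a key" >&2
    return 1
  fi
  # Enter the OLD passphrase here: its keyslot is the one deleted.
  cryptsetup luksRemoveKey "$dev"
}

# Usage: sudo sh rotate.sh /dev/sdXN
# List candidate partitions first with: sudo blkid -t TYPE=crypto_LUKS
if [ "$#" -ge 1 ]; then rotate_passphrase "$1"; fi
```

Type the new passphrase at the `--test-passphrase` prompt in the same console and keyboard layout you will use at boot, since the layout issue described above only shows up there.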