The VBoxManage encryptvm vmname setencryption command changes encryption of a VM.

Use the --old-password to supply old encryption password. Either specify the absolute pathname of a password file on the host operating system, or - to prompt you for the old password.

Use the --cipher option to specify the new cipher for encryption of the VM. Only AES-128 and AES-256 are supported. Appropriate mode GCM, CTR or XTS will be selected by VM depending on encrypting component.

Use the --new-password option to specify the new password for encryption of the VM. Either specify the absolute pathname of a password file on the host operating system, or - to prompt you for the new password.

Use the --new-password-id option to specify the new id for the password for encryption of the VM.

Use the --force option to make the system to reencrypt the VM instead of simple changing the password.

The VBoxManage encryptvm vmname checkpassword command checks the correctness of the supplied password.

The password can be supplied from file. Specify the absolute pathname of a password file on the host operating system. Also, you can specify - to prompt you for the password.

The VBoxManage encryptvm vmname addpassword command adds a password for decrypting the VM.

Use the --password to supply the encryption password. Either specify the absolute pathname of a password file on the host operating system, or - to prompt you for the password.

Use the --password-id option to specify the id the password is supplied for.

The VBoxManage encryptvm vmname removepassword command removes a password used for decrypting the VM.

Specify the password identifier for removing. The password becomes unknown and the VM can not be decrypted.