Date: Tue, 10 May 2005 14:16:03 -0700 From: <mrhino@hushmail.com> To: <freebsd-geom@freebsd.org> Subject: Re: GBDE container file backup question Message-ID: <20050510211609.7FB3337B4D@mailserver5.hushmail.com>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for that; much appreciated. I had read that paper, several times, but hadn't quite understood that the lock file simply pointed to the lock sectors on the device. Thanks again, Mark On Tue, May 10, 2005 at 04:09:51AM -0700, mrhino@hushmail.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > Apologies in advance if this isn't the right place to be asking > this question: > > I've got a gbde partition based on an image file, private.img. > I also have a lock file as per the instructions - /etc/gbde/md9 > > It's all working fine, but I want to be able to back it up somehow. > > If I back up private.img and /etc/gbde/md9, is that everything I Yes. (You can store the lock files separate from the encrypted volume for maximum security.) > need to do to be able to restore the encrypted partition? The lock > file seems awfully small to be an encryption key (compared to the > PGP keys I'm familiar with). It doesn't contain the encrypted keys or key material itself. It contains the encrypted location of the lock sectors and requires the pass phrase to obtain the master keys from the volume. > What about the 'keys' mentioned in the handbook - I created 2 keys > during the init, but I'm not sure where they are. Are they > analagous to my PGP private keys, or what? Do I need to back them > up somewhere? Do they have the same password? No, the key scheme is not a public key system. The pass phrase material is used symmetrically (same key to encrypte/decrypt), as AES is a symmetric cipher. Implementation of public keys is something to look forward to in the future. Some vnode-level solutions are integrating diverse key schemes. > Any advice appreciated. You might wish to read the very instructive paper by phk, found: http://phk.freebsd.dk/pubs/ > Yours, > Mark > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at https://www.hushtools.com/verify > Version: Hush 2.4 > > wkYEARECAAYFAkKAlnYACgkQy7ADd7v2HyaSngCaAkYwBsqH3/3DBrrf/lXQjlaN2qsA > oIkbjdtl2BBFhRY6CKs5uO9phVq2 > =m5yy > -----END PGP SIGNATURE----- - -- Allan Fields _______________________________________________ freebsd-geom@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-geom To unsubscribe, send any mail to "freebsd-geom- unsubscribe@freebsd.org" -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkKBJIcACgkQy7ADd7v2HyZvDACfY5VsU4s9kdFMyx/YNVGOigK73hIA n0QGSh2ySvqldeCVyuuC1F/E81h4 =fdpq -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050510211609.7FB3337B4D>