Date: Tue, 10 May 2005 14:16:03 -0700
Message-Id: <20050510211609.7FB3337B4D@mailserver5.hushmail.com>
Subject: Re: GBDE container file backup question
List-Id: GEOM-specific discussions and implementations

Thanks for that; much appreciated. I had read that paper, several times, but hadn't quite understood that the lock file simply pointed to the lock sectors on the device.

Thanks again,
Mark

On Tue, May 10, 2005 at 04:09:51AM -0700, mrhino@hushmail.com wrote:
> Hi,
> Apologies in advance if this isn't the right place to be asking
> this question:
>
> I've got a gbde partition based on an image file, private.img.
> I also have a lock file as per the instructions - /etc/gbde/md9
>
> It's all working fine, but I want to be able to back it up somehow.
>
> If I back up private.img and /etc/gbde/md9, is that everything I

Yes. (You can store the lock files separate from the encrypted volume for maximum security.)

> need to do to be able to restore the encrypted partition? The lock
> file seems awfully small to be an encryption key (compared to the
> PGP keys I'm familiar with).

It doesn't contain the encrypted keys or key material itself. It contains the encrypted location of the lock sectors and requires the pass phrase to obtain the master keys from the volume.

> What about the 'keys' mentioned in the handbook - I created 2 keys
> during the init, but I'm not sure where they are. Are they
> analogous to my PGP private keys, or what? Do I need to back them
> up somewhere? Do they have the same password?

No, the key scheme is not a public key system. The pass phrase material is used symmetrically (same key to encrypt/decrypt), as AES is a symmetric cipher. Implementation of public keys is something to look forward to in the future. Some vnode-level solutions are integrating diverse key schemes.

> Any advice appreciated.

You might wish to read the very instructive paper by phk, found: http://phk.freebsd.dk/pubs/

> Yours,
> Mark

--
Allan Fields