Date:      Mon, 5 Mar 2012 12:52:31 +0000
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-geom@freebsd.org
Subject:   Re: geli metadata backup
Message-ID:  <20120305125231.275bfb23@gumby.homeunix.com>
In-Reply-To: <CA%2BQLa9Ax0hbSexKWAj-iRGD1GeRQCgWiA8R6aMqhWrWeOhMb6Q@mail.gmail.com>
References:  <CA%2BQLa9Ax0hbSexKWAj-iRGD1GeRQCgWiA8R6aMqhWrWeOhMb6Q@mail.gmail.com>

On Sat, 3 Mar 2012 17:24:15 -0500
Robert Simmons wrote:

> What exactly is contained in the metadata backup
> file /var/backups/_prov_.eli ?

I don't know exactly what's in the metadata, but the most important
thing is that it contains copies of the master key encrypted with the
user keys. If the metadata sector on the partition is corrupted then
you can't access your data.

> Obviously, since I keep /var inside of the encrypted provider, the
> default location is a bad place for a backup.  Where would a good
> location be to save this metadata using the -B switch for geli init
> other than the default?

Anywhere you like except inside the volume it backs up - preferably
offline. It is also somewhat sensitive. If someone else has the
metadata and the passphrase/keyfile, then changing or deleting the key
on disk won't help - you would have to dump the data and create a new
geli partition.
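
The advice in this message as a script: an added example, not part of the original post, that refuses to write the metadata backup onto the volume it backs up and keeps the file owner-only. It assumes a UFS filesystem mounted directly from the `.eli` device (so `df` reports `/dev/<prov>.eli`; a ZFS pool on geli is not detected); the function names, the sample provider `ada0p3`, and the destination path are hypothetical.

```shell
#!/bin/sh
# Added example. All function names are hypothetical helpers.

# Return 0 if filesystem device $1 sits on geli provider $2 (e.g. ada0p3).
# Matches <prov>.eli itself and labels/partitions created on top of it.
on_provider() {
    d=${1#/dev/}
    p=${2#/dev/}
    p=${p%.eli}
    case "$d" in
        "$p".eli|"$p".eli[a-z]|"$p".eli[ps][0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the device backing the filesystem that holds directory $1.
fs_device() {
    df -P "$1" | awk 'NR == 2 { print $1 }'
}

# Save the metadata of provider $1 into directory $2, refusing a
# destination that lies inside the encrypted volume itself.
save_metadata() {
    prov=$1
    dest=$2
    if on_provider "$(fs_device "$dest")" "$prov"; then
        echo "refusing: $dest is inside $prov.eli" >&2
        return 1
    fi
    file="$dest/$(echo "${prov#/dev/}" | tr / _).eli"
    # The backup holds the wrapped master key: create it owner-only.
    ( umask 077; geli backup "$prov" "$file" )
}

# Usage (constructed path, e.g. removable media kept offline):
#   save_metadata ada0p3 /mnt/usbkey/geli
```
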


