Date: Wed, 27 May 2009 14:45:48 +0300
From: Dan Naumov <dan.naumov@gmail.com>
To: freebsd-geom@freebsd.org
Subject: Questions on GELI encryption
Message-ID: <cf9b1ee00905270445k179b9354sa44acee91507cfb8@mail.gmail.com>

Hello (World) again :)

Sorry for creating another discussion thread so fast, but I figured that since the new questions I have do not fall under the scope of "CPU horsepower requirements for GELI", I thought they deserved a new one:

1) I am reading the Handbook section on GELI ( http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html ) and I am a bit confused. The example a) creates a keyfile b) initializes a provider with the keyfile c) attaches the provider d) creates a new filesystem directly on the provider and e) mounts it. Now, I am probably missing something very obvious, but are "slices" no longer a requirement for creating and using a UFS filesystem in FreeBSD?

2) The example in the Handbook encrypts the entire drive. If my system is going to use 1 big drive, I want /home and /data encrypted, while the rest of the system can stay non-encrypted, how should I go about doing this? Should I create a single big slice with 1 big root partition and 2 separate partitions for /home and /data and then initialise GELI on these specific partitions? Can basically anything be used as a "provider" for GELI? A disk drive, a slice, a partition inside a slice, a file?

3) The Handbook states the following: "It is not mandatory that both a passphrase and a key file are used; either method of securing the Master Key can be used in isolation." Now, how to use just the keyfile is pretty obvious: according to the geli manpage, "geom init -P" will not use the passphrase as the key component. However, if I want to just protect my data using the passphrase and not use the keyfile(s), how do I do this? What are the implications of using only the passphrase instead of using both a passphrase and a keyfile?

Thanks!

Dan Naumov