Date: Thu, 4 Jun 2009 01:11:52 +0300
From: Dan Naumov <dan.naumov@gmail.com>
To: freebsd-geom@freebsd.org
Subject: GELI and dynamically sized file providers?
Message-ID: <cf9b1ee00906031511k543c5901u62647edc6227bbf2@mail.gmail.com>
Hello list.

As far as I know, this feature hasn't been implemented (if it is, by all means please educate me on this) and I think it would make a really good addition to the current options of using GELI encryption on FreeBSD. What I want is to have data encrypted with GELI and kept inside an encrypted file that is held on a regular ZFS or UFS2 partition. Now I know it is possible to just dd an arbitrarily sized block of data as a file onto the partition and use it as a provider for GELI, but this has a very serious limitation: you cannot resize this file without essentially having to move all your data out, delete the provider, create a new smaller/bigger file, use it as a new provider for GELI and then move the data back inside it. This is really really cumbersome.

What would be really nice is to have this block of data used as a provider dynamically grow or shrink as more or less is needed to store the encrypted files. This would open up a lot of options for the user:

1) You would be able to start small and then grow your amount of encrypted data for as long as you have free space on the ZFS / UFS2 partition holding the dynamic file provider.

2) If you end up overestimating your need for the amount of data you want to be encrypted, the provider shrinks accordingly, leaving more space free on the ZFS / UFS2 partition for use for unencrypted data without any speed penalties that come with using encryption.

3) This makes combining data redundancy and encryption a LOT easier: for example you can have a 4 disk ZFS raidz of 2tb disks (resulting in 6tb of space usable) and a dynamic file provider kept on this raidz that grows or shrinks according to space requirements of the encrypted files AND your data integrity and redundancy is on the shoulders of ZFS instead of having the user ponder the most non-insane way of doing things and avoiding things like having to keep separate partitions used as providers for 4 different GELI devices that each have to be "opened" with a passkey before the ZFS pool can be brought online or having to keep one ENORMOUS file container inside the ZFS pool taking up a lot of space without you ever knowing if you are going to ever use it all.

- Dan Naumov
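The file-backed GELI setup the post describes, written out as an added example that is not part of the original message and not FreeBSD project code. It creates a container file on a ZFS or UFS2 file system, exposes it through md(4), initialises and attaches GELI on it, and puts UFS on the encrypted device; a second routine grows the container in place using `mdconfig -r`, `geli resize` and `growfs`, which exist in FreeBSD releases later than this 2009 post. The paths `/tank/vault.img`, `/root/vault.key`, `/mnt/vault` and the md unit number 9 are assumed values. By default (`DRY_RUN=1`) the script only prints the commands it would run, so it can be read and checked on any POSIX shell; set `DRY_RUN=0` on a FreeBSD host as root to execute them.

```shell
#!/bin/sh
# Added example (not from the original post): a file-backed GELI provider on
# FreeBSD that is created once and later grown in place.  DRY_RUN=1 (default)
# prints the commands instead of executing them.
set -eu

DRY_RUN="${DRY_RUN:-1}"
CONTAINER="${CONTAINER:-/tank/vault.img}"   # assumed: file on a ZFS/UFS2 fs
KEYFILE="${KEYFILE:-/root/vault.key}"       # assumed: keyfile location
MDUNIT="${MDUNIT:-9}"                        # assumed: md(4) unit number
MNT="${MNT:-/mnt/vault}"                     # assumed: mount point

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# MiB -> bytes; rejects non-numeric input so a typo cannot become a huge file.
mib_to_bytes() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo $(( $1 * 1024 * 1024 ))
}

# Create the container.  Filling it from /dev/random means unused blocks look
# like ciphertext; a sparse file (truncate) is instant but leaves untouched
# blocks as zeros, which reveals how much of the container is in use.
create_container() { # $1 = size in MiB, $2 = sparse|random
    if [ "$2" = sparse ]; then
        run truncate -s "$(mib_to_bytes "$1")" "$CONTAINER"
    else
        run dd if=/dev/random of="$CONTAINER" bs=1m count="$1"
    fi
    run chmod 600 "$CONTAINER"
}

# Attach the container as an md device, initialise GELI with a keyfile,
# attach it and create a UFS file system on the .eli device.
init_vault() {
    run dd if=/dev/random of="$KEYFILE" bs=64 count=1
    run chmod 600 "$KEYFILE"
    run mdconfig -a -t vnode -f "$CONTAINER" -u "$MDUNIT"
    run geli init -s 4096 -K "$KEYFILE" "/dev/md$MDUNIT"
    run geli attach -k "$KEYFILE" "/dev/md$MDUNIT"
    run newfs -U "/dev/md$MDUNIT.eli"
    run mkdir -p "$MNT"
    run mount "/dev/md$MDUNIT.eli" "$MNT"
}

# Grow in place: enlarge the file, tell md(4) about the new size, let geli move
# its metadata to the new end of the provider, then grow the file system.
grow_vault() { # $1 = old size in MiB, $2 = new size in MiB
    [ "$2" -gt "$1" ] || { echo "new size must exceed old size" >&2; return 1; }
    run umount "$MNT"
    run geli detach "/dev/md$MDUNIT.eli"
    run truncate -s "$(mib_to_bytes "$2")" "$CONTAINER"
    run mdconfig -r -u "$MDUNIT" -s "${2}m"
    run geli resize -s "$(mib_to_bytes "$1")" "/dev/md$MDUNIT"
    run geli attach -k "$KEYFILE" "/dev/md$MDUNIT"
    run growfs -y "/dev/md$MDUNIT.eli"
    run mount "/dev/md$MDUNIT.eli" "$MNT"
}

# Example session (dry run): 256 MiB random-filled container, then grow to 512.
if [ "${VAULT_DEMO:-0}" = 1 ]; then
    create_container 256 random
    init_vault
    grow_vault 256 512
fi
```

Shrinking is deliberately absent: `geli resize` and `growfs` only move metadata and extend the file system outward, and cutting the container short without first shrinking the file system inside it would destroy data. Keep the keyfile off the same pool as the container, and treat a sparse container as leaking its fill level to anyone who can read the backing file.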