From owner-freebsd-questions@FreeBSD.ORG Thu Feb 27 18:01:53 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 79ABC17F for ; Thu, 27 Feb 2014 18:01:53 +0000 (UTC) Received: from www81.your-server.de (www81.your-server.de [213.133.104.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 37CBC1377 for ; Thu, 27 Feb 2014 18:01:52 +0000 (UTC) Received: from [188.108.252.211] (helo=michael-think) by www81.your-server.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.74) (envelope-from ) id 1WJ5HK-0003Ql-AD; Thu, 27 Feb 2014 19:01:50 +0100 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: Polytropon , "Erich Dollansky" Subject: Re: Simple disk encryption for off-site backup References: <20140227045904.5ba67227.freebsd@edvax.de> <20140227233053.03e44b32@X220.alogt.com> Date: Thu, 27 Feb 2014 19:01:43 +0100 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Michael Ross" Message-ID: In-Reply-To: <20140227233053.03e44b32@X220.alogt.com> User-Agent: Opera Mail/1.0 (Win32) X-Authenticated-Sender: gmx@ross.cx X-Virus-Scanned: Clear (ClamAV 0.97.8/18522/Thu Feb 27 16:41:47 2014) Cc: FreeBSD Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Feb 2014 18:01:53 -0000 On Thu, 27 Feb 2014 16:30:53 +0100, Erich Dollansky wrote: > Hi, > > On Thu, 27 Feb 2014 04:59:04 +0100 > Polytropon wrote: > >> I'm planning to add a new disk next month to my home setup. >> It should be an external USB disk for off-site (really!) >> backup. That's why I would like to see the content encrypted. >> I have no problem with entering a long passphrase when mounting >> the disk for backup or restore operations, and probably I would >> not feel safe enough by just using keys (stored somewhere). >> The file system will be UFS, so there is no need to worry that >> some other OS or "Windows" would not be able to read it. :-) >> >> My question is: What is the _easiest_ mechanism to initialize >> a disk for encrypted use? It should work with FreeBSD 9 and 10 >> in the first place. >> >> > I use geli. > > There is a huge problem in geli which is not documented. If you create > a container with FreeBSD 10, FreeBSD 9 will not be able access it. You > must use the oldest version of FreeBSD which is supposed to work with > the disk to create the encrypted container. This would be 9.x in your > case. > > Erich Theoretically you should be able to ``geli init -V ''. Never tried it though. There's a list of metadata versions at the end of the man page, with FreeBSD 10 still missing ( has v7 ). Regards, Michael > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"