Date: Tue, 21 Apr 2009 08:41:29 -0400
From: Bill Moran
To: Bernt Hansson
Cc: Giorgos Keramidas, freebsd-questions@freebsd.org
Subject: Re: Encrypted slice with geli

In response to Bernt Hansson:

> Giorgos Keramidas said the following on 2009-04-20 23:59:
> > On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson wrote:
> >> Hello list!
> >>
> >> I was thinking of making a slice encrypted with geli.
> >>
> >> My question is: does geli init -s 4096 /dev/ad* erase the data on the
> >> slice. The handbook didn't say yes or no, and I don't want to try
> >> without asking.
> >
> > No,
>
> No, what? Does it erase the data or not?

It depends on exactly what part of the process you're talking about, and
it depends on exactly what you mean by "erase".

Geli doesn't explicitly destroy your data at any point in the process.
However, most HOWTOs I've read will tell you at some step or another to
overwrite the partition using dd and /dev/zero, which _does_ destroy the
data.

Also, even if you skip the dd step, geli will alter the partition in such
a way that typical tools will not see the data. However, if you know your
stuff, you can bypass normal tools and still read (part of?) the data.

So, if your question is "I want to securely destroy the data on a
partition, can geli do that?" the answer is No.

If your question is, "I'm switching a partition to using geli, do I need
to back up my data before doing so?" the answer is YES!

> But I want to keep the info on the slice.

Then you need to copy it elsewhere, then copy it back after the slice is
encrypted.

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
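
The advice in the message above (copy the data elsewhere, encrypt the slice, copy it back) written out as a shell procedure. This is an added example, not part of the original message. The device name, mount point and archive path are hypothetical arguments, and it assumes the existing filesystem is mounted at the given mount point.

```shell
#!/bin/sh
# Added example. DRY_RUN defaults to 1: commands are printed, not executed.
# Set DRY_RUN=0 on a FreeBSD host to run them for real.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# migrate_to_geli <dev> <mountpoint> <archive>   (all three are caller-supplied)
migrate_to_geli() {
    dev=$1 mnt=$2 archive=$3
    if [ -z "$dev" ] || [ -z "$mnt" ] || [ -z "$archive" ]; then
        echo "usage: migrate_to_geli <dev> <mountpoint> <archive>" >&2
        return 2
    fi
    # The backup must not live on the filesystem that is about to be replaced.
    case "$archive" in
        "$mnt"/*) echo "archive must be outside $mnt" >&2; return 1 ;;
    esac

    # 1. Copy the data elsewhere, then list the archive so an unreadable
    #    backup stops the procedure before the slice is touched.
    run tar -C "$mnt" -cpf "$archive" . || return 1
    run tar -tf "$archive" || return 1

    # 2. Take the old filesystem offline and set up geli on the slice
    #    (same sector size as in the question: -s 4096).
    run umount "$mnt" || return 1
    run geli init -s 4096 "/dev/$dev" || return 1
    run geli attach "/dev/$dev" || return 1

    # 3. The encrypted provider appears as <dev>.eli; it needs a new
    #    filesystem, which is why the old contents cannot be kept in place.
    run newfs "/dev/$dev.eli" || return 1
    run mount "/dev/$dev.eli" "$mnt" || return 1

    # 4. Copy the data back onto the encrypted filesystem.
    run tar -C "$mnt" -xpf "$archive" || return 1
}
```

With DRY_RUN left at its default, `migrate_to_geli ad4s2 /data /backup/data.tar` prints the eight commands in order without touching the disk.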