Date:      Tue, 10 May 2005 15:29:51 -0400
From:      Allan Fields <bsd@afields.ca>
To:        mrhino@hushmail.com
Cc:        freebsd-geom@freebsd.org
Subject:   Re: GBDE container file backup question
Message-ID:  <20050510192951.GA4358@afields.ca>
In-Reply-To: <20050510110955.8B1AF36AF1@mailserver5.hushmail.com>
References:  <20050510110955.8B1AF36AF1@mailserver5.hushmail.com>

On Tue, May 10, 2005 at 04:09:51AM -0700, mrhino@hushmail.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> Apologies in advance if this isn't the right place to be asking
> this question:
> 
> I've got a gbde partition based on an image file, private.img.
> I also have a lock file as per the instructions - /etc/gbde/md9
> 
> It's all working fine, but I want to be able to back it up somehow.
> 
> If I back up private.img and /etc/gbde/md9, is that everything I

Yes.  (You can store the lock files separate from the encrypted volume
for maximum security.)

> need to do to be able to restore the encrypted partition? The lock
> file seems awfully small to be an encryption key (compared to the
> PGP keys I'm familiar with).

It doesn't contain the encrypted keys or key material itself.  It
contains the encrypted location of the lock sectors and requires
the pass phrase to obtain the master keys from the volume.

> What about the 'keys' mentioned in the handbook  - I created 2 keys
> during the init, but I'm not sure where they are. Are they
> analogous to my PGP private keys, or what? Do I need to back them
> up somewhere? Do they have the same password?

No, the key scheme is not a public key system.  The pass phrase material
is used symmetrically (same key to encrypt/decrypt), as AES is a
symmetric cipher.

Implementation of public keys is something to look forward to in
the future.  Some vnode-level solutions are integrating diverse
key schemes.

> Any advice appreciated.

You might wish to read the very instructive paper by phk, found:
http://phk.freebsd.dk/pubs/

> Yours,
> Mark
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 2.4
> 
> wkYEARECAAYFAkKAlnYACgkQy7ADd7v2HyaSngCaAkYwBsqH3/3DBrrf/lXQjlaN2qsA
> oIkbjdtl2BBFhRY6CKs5uO9phVq2
> =m5yy
> -----END PGP SIGNATURE-----

-- 
Allan Fields