Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 2 Jan 2020 22:43:32 +0000
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: geli - changing keyfile
Message-ID:  <20200102224332.50eabafb@gumby.homeunix.com>
In-Reply-To: <alpine.BSF.2.20.2001021906280.95747@puchar.net>
References:  <alpine.BSF.2.20.2001021906280.95747@puchar.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2 Jan 2020 19:07:44 +0100 (CET)
Wojciech Puchar wrote:

> i probably cannot properly read manuals but still not sure how to do
> that.
> 
> i have geli encrypted volume with keyfile only - no password
> created by geli init -s 4096 -P -K <somefile>
> 
> now i want to change the key file to <someotherfile>. still no
> password.

I've never had cause to do this, but it would be done with geli setkey.

Note that if an attacker has a copy of either the geli metadata sector
or a geli metadata back-up file, the old key-file can still be used to
access your data.





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200102224332.50eabafb>