From owner-freebsd-stable@FreeBSD.ORG Sat Sep 20 23:17:17 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CC4631065670 for ; Sat, 20 Sep 2008 23:17:17 +0000 (UTC) (envelope-from fk@fabiankeil.de) Received: from smtprelay09.ispgateway.de (smtprelay09.ispgateway.de [80.67.29.23]) by mx1.freebsd.org (Postfix) with ESMTP id 8A4028FC15 for ; Sat, 20 Sep 2008 23:17:17 +0000 (UTC) (envelope-from fk@fabiankeil.de) Received: from [88.153.0.16] (helo=localhost) by smtprelay09.ispgateway.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from ) id 1KhBX4-00087O-A3; Sun, 21 Sep 2008 01:06:30 +0200 Date: Sun, 21 Sep 2008 01:06:24 +0200 From: Fabian Keil To: Steve Bertrand Message-ID: <20080921010624.7c4e5143@fabiankeil.de> In-Reply-To: <48D40EE2.5090900@ibctech.ca> References: <48D40EE2.5090900@ibctech.ca> X-Mailer: Claws Mail 3.5.0 (GTK+ 2.12.11; i386-portbld-freebsd8.0) X-PGP-KEY-URL: http://www.fabiankeil.de/gpg-keys/fk-2008-08-18.asc Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/L56MD.v=oCuNqTXjsrO.cnU"; protocol="application/pgp-signature"; micalg=PGP-SHA1 X-Df-Sender: 180909 Cc: freebsd-stable@freebsd.org Subject: Re: GELI encrypted ZFS zpool X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-stable@freebsd.org List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Sep 2008 23:17:17 -0000 --Sig_/L56MD.v=oCuNqTXjsrO.cnU Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Steve Bertrand wrote: > I have an older storage box that I've upgraded to -stable. It currently > uses 7 SCSI disks mashed together with gstripe. >=20 > I've recently replaced this box with a new one running a ZFS setup. I'm > now wanting to turn the old one into a storage device running ZFS, but I > want the entire pool encrypted with GELI. >=20 > I know I can do this, but my requirements are as such: >=20 > - use a key on external media to access the GELI encrypted disks > - not have to type in the passphrase for each physical disk >=20 > ...is this possible? It should be possible if you use keyfiles without password for the vdevs and store those keyfiles on a geli encrypted slice that uses both a keyfile and a passphrase. Fabian --Sig_/L56MD.v=oCuNqTXjsrO.cnU Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkjVgfAACgkQSMVSH78upWMikgCeJ8PchOQdy6Uw4nU6ACGHDe3a 8lwAmgNE1dlHKRakf/mxMQiss3s/2Ysh =Km01 -----END PGP SIGNATURE----- --Sig_/L56MD.v=oCuNqTXjsrO.cnU--