Date: Wed, 21 Mar 2007 23:15:50 +0100
From: Roland Smith <rsmith@xs4all.nl>
To: RW <fbsd06@mlists.homeunix.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: gbde and geli - differences
Message-ID: <20070321221550.GB72124@slackbox.xs4all.nl>
In-Reply-To: <20070321183319.72ceab4c@gumby.homeunix.com>
References: <20070320190305.O29971@chylonia.3miasto.net> <20070320223619.6c18cd08@gumby.homeunix.com> <20070320231504.GB38069@slackbox.xs4all.nl> <20070321001321.5dea258f@gumby.homeunix.com> <20070321070251.GA50637@slackbox.xs4all.nl> <20070321183319.72ceab4c@gumby.homeunix.com>

On Wed, Mar 21, 2007 at 06:33:19PM +0000, RW wrote:
> How do you attach the dvd content?
>
> # geli attach /dev/cd0
> Cannot read metadata from /dev/cd0: Invalid argument.
>
> geli attach -r /dev/cd0
> Cannot read metadata from /dev/cd0: Invalid argument.

I get the same error. Odd. I thought I used that trick before. It
definitely works on the USB drives that I use as primary backup (no
memory disk necessary in that case).

The following is what I currently use to make encrypted backups to DVD,
because it requires less interaction;

I bundle appropriate numbers of files and directories up in tarfiles
(bzip2-ed unless it contains photos etc), so that every tarfile is
slightly under DVD size. I've put this in a script, because a lot of my
directories don't grow very fast. Alternatively you can use a tool like
dirsplit (http://freshmeat.net/projects/dirsplit/) to make file catalogs.

Next I encrypt every tarfile with ccrypt(1) from ports, because it uses
the Rijndael (aes) cipher. You can use another encryption program if you
like, like enc(1) from OpenSSL with the Blowfish cipher, or gnupg with a
symmetric cipher like aes256 or twofish or blowfish if you don't want to
keep a separate key. Don't use crypt(1) or bdes(1), they're not
considered safe anymore.

The encrypted file is then directly burned (as an image) with growisofs.

To extract the contents I use the following command:

    cat /dev/cd0|ccrypt -d|tar xjf -

The file is cat-ed because ccrypt doesn't want to open device files.

This might be overkill, depending on who you're trying to protect the
data from. If you burn the unencrypted tarfile to DVD, the average
Windows user wouldn't have a clue how to open it. Of course a 'file -s'
would tell any competent sysadmin that you've burned a tarfile.

OTOH, if you encrypt the data and forget the keyphrase, your data is lost.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
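
The tar / encrypt / extract procedure from the message above, as an added
example that is not part of the original mail. It checks the size and
round-trips the image before burning, since a forgotten or mistyped
keyphrase means the data is lost. Assumptions: enc(1) from OpenSSL with
AES-256-CBC stands in for ccrypt, and the function names, the passphrase
file and the 4.7e9-byte limit are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumed names: make_image,
# open_image, verify_image, DVD_BYTES, TARZ.

DVD_BYTES=${DVD_BYTES:-4700000000}   # assumed nominal single-layer capacity
TARZ=${TARZ:-j}                      # j = bzip2, as in the mail

# make_image SRC_DIR PASSFILE IMAGE
# Tar the directory and encrypt the stream; the passphrase is read from a
# file so it never appears on the command line or in the process list.
make_image() {
    tar -c"${TARZ}"f - -C "$1" . |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$2" -out "$3"
}

# open_image PASSFILE IMAGE_OR_DEVICE DEST_DIR
# Same shape as the mail's "cat /dev/cd0|ccrypt -d|tar xjf -".
open_image() {
    mkdir -p "$3" &&
        cat "$2" | openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1" |
        tar -x"${TARZ}"f - -C "$3"
}

# verify_image SRC_DIR PASSFILE IMAGE
# Returns 0 if the image fits on the disc and decrypts back to SRC_DIR,
# 2 if it is too large, 3 if the round trip fails (wrong key, bad image).
verify_image() {
    size=$(wc -c < "$3" | tr -d ' ')
    if [ "$size" -gt "$DVD_BYTES" ]; then
        echo "image is $size bytes, limit is $DVD_BYTES" >&2
        return 2
    fi
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/dvdbk.XXXXXX") || return 1
    rc=0
    { open_image "$2" "$3" "$tmp" 2>/dev/null &&
        diff -r "$1" "$tmp" >/dev/null; } || rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] || { echo "round trip failed" >&2; return 3; }
}
```

Run make_image, then verify_image, and burn the image with growisofs only
when verify_image returns 0.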