Date: Sun, 20 Sep 2020 22:55:11 -0700
From: David Christensen <dpchrist@holgerdanske.com>
To: freebsd-questions@freebsd.org
Subject: Re: Create new geli file system using existing key
Message-ID: <b484587f-93a3-84da-6e4f-3e564ff9bbfd@holgerdanske.com>
In-Reply-To: <CAN6yY1vShj8DLnSNzD5id3TE1-bjAKCFMO0Fg63JNmWvWBnXRg@mail.gmail.com>
References: <CAN6yY1uE-gfijR8n8%2BA0k6ufB=6EYEc6RbgbgpXj%2BV=80GOHPA@mail.gmail.com> <fef7fd7a-2f6c-0d09-e1e7-8bcd1589ed9e@holgerdanske.com> <CAN6yY1vShj8DLnSNzD5id3TE1-bjAKCFMO0Fg63JNmWvWBnXRg@mail.gmail.com>

On 2020-09-20 12:44, Kevin Oberman wrote:
> After thinking about this a bit longer, it's not really hard to do what I
> need to do using the resize command. More significantly, I really don't
> need to do this.
>
> Quick explanation of why this would be "helpful". I backup using rsync to a
> USB disk. I simply attach and mount the USB partition and fire up the
> synchronization (with a number of options and exceptions). It's convenient
> to have a single key file on thumb drive (geli attach -d
> -k/media/keys/FILENAME) with that command as an alias so I just type
> "gattach /dev/gpt/PARTITION". Hey, I'm lazy. A keystroke saved is a
> keystroke earned!
>
> I plan to change the alias to a very short script to pick the correct key
> for the operating and backup partitions. What I type won't change.

So, your backup media is USB hard disk drives, each drive has a GELI
provider (containing a filesystem), the GELI keyfile is on a USB flash
drive, and you have a script "gattach" that attaches the backup disk GELI
providers using the keyfile (?).

I do not believe you need (or want) to have identical GELI metadata on the
USB hard disk drives. I believe you just need to specify the same keyfile
when you create each GELI provider.

Also, I do not believe you need to resize. When you provision a device as
backup media, partition it to use all or most of the available space,
create a GELI provider using the keyfile on the USB flash drive and a
passphrase you have memorized, attach the GELI provider, and create a
filesystem.

Done this way, connecting multiple backup drives, attaching multiple
backup GELI containers, and mounting multiple backup filesystems at the
same time should not be a problem.

I presume you have (encrypted) backups of the keyfile (!).

Alternatively, GELI has two "slots" and you can put a (strong) passphrase
alone into the second slot. That way, if you lose everything except one
backup drive and the second passphrase, you can still recover.

David
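
The provisioning steps described in the message above, as an added example that is not part of the original e-mail or of FreeBSD itself: one shared keyfile plus a memorized passphrase in key slot 0, and a passphrase-only recovery key in slot 1. The function names, the DRY_RUN switch, and the disk, label and keyfile arguments are assumptions for illustration; geli prompts for the passphrases interactively.

```shell
#!/bin/sh
# Added example: provision a USB backup disk with GELI using a shared keyfile.
# Hypothetical names: provision_backup_disk, run, DRY_RUN and the arguments.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them (root, FreeBSD).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

provision_backup_disk() {
    disk="$1"; label="$2"; keyfile="$3"
    # Refuse names that could point the destructive steps at the wrong device
    case "$disk" in
        ""|*/*|*" "*) echo "bad disk name: '$disk'" >&2; return 2 ;;
    esac
    case "$label" in
        ""|*[!A-Za-z0-9_-]*) echo "bad label: '$label'" >&2; return 2 ;;
    esac
    # A real run needs the keyfile from the flash drive to be mounted and readable
    if [ "$DRY_RUN" != "1" ] && [ ! -r "$keyfile" ]; then
        echo "keyfile not readable: $keyfile" >&2; return 1
    fi
    prov="/dev/gpt/$label"

    # Partition the disk to use the available space
    run gpart create -s gpt "$disk" || return 1
    run gpart add -t freebsd-ufs -l "$label" "$disk" || return 1
    # Slot 0: shared keyfile plus memorized passphrase. geli init generates a
    # fresh master key, so the metadata differs per disk even with one keyfile.
    run geli init -K "$keyfile" "$prov" || return 1
    run geli attach -k "$keyfile" "$prov" || return 1
    # Slot 1: passphrase alone (no -K), usable if the keyfile is lost
    run geli setkey -n 1 "$prov" || return 1
    run newfs -U "$prov.eli" || return 1
}

# Run only when invoked as: script DISK LABEL KEYFILE
if [ "$#" -eq 3 ]; then
    provision_backup_disk "$@"
fi
```

The attach step omits the `-d` flag from the quoted alias so that the provider stays attached after `newfs` closes it.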