geli - changing keyfile
RW
rwmaillists at googlemail.com
Thu Jan 2 22:43:39 UTC 2020
On Thu, 2 Jan 2020 19:07:44 +0100 (CET)
Wojciech Puchar wrote:
> i probably cannot properly read manuals but still not sure how to do
> that.
>
> i have geli encrypted volume with keyfile only - no password
> created by geli init -s 4096 -P -K <somefile>
>
> now i want to change the key file to <someotherfile>. still no
> password.
I've never had cause to do this, but it would be done with geli setkey.
Note that if an attacker has a copy of either the geli metadata sector
or a geli metadata back-up file, the old key-file can still be used to
access your data.
More information about the freebsd-hackers
mailing list