Encrypted slice with geli

[Bernt Hansson]

Bill Moran said the following on 2009-04-21 14:41:
> In response to Bernt Hansson <bernt at bah.homeip.net>:
> 
>> Giorgos Keramidas said the following on 2009-04-20 23:59:
>>> On Mon, 20 Apr 2009 21:38:54 +0200, Bernt Hansson <bernt at bah.homeip.net> wrote:
>>>> Hello list!
>>>>
>>>> I was thinking of makeing a slice encrypted with geli.
>>>>
>>>> My question is: does geli init -s 4096 /dev/ad* erase the data on the
>>>> slice. The handbook didn't say yes or no, and I don't want to try
>>>> without asking.
>>> No, 
>> No, what? does it erase the data or not.
> 
> It depends on exactly what part of the process you're talking about


My question is: does geli init -s 4096 /dev/ad* erase the data on the
slice

> and it depends on exactly what you mean by "erase".

Destroy it so it's no longer aviable.

> Geli doesn't explicitly destroy your data at any point in the process.
> However, most HOWTOs I've ready will tell you at some step or another
> to overwrite the partition using dd and /dev/zero, which _does_
> destroy the data.

Yes. That much I do know.

> Also, even if you skip the dd step, geli will alter the partition in
> such a way that typical tools will not see the data.  However, if you
> know your stuff, you can bypass normal tools and still read (part of?)
> the data.

Not good.

> If your question is, "I'm switching a partition to using geli, do I
> need to back up my data before doing so?" the answer is YES!

I do NOT want to backup the data unencrypted.

>> But I want to keep the info on the slice.
> 
> Then you need to copy it elsewhere, then copy it back after the slice
> is encrypted.

Dont have the space for that.