Simple disk encryption for off-site backup
Michael Ross
gmx at ross.cx
Thu Feb 27 18:01:53 UTC 2014
On Thu, 27 Feb 2014 16:30:53 +0100, Erich Dollansky
<erichsfreebsdlist at alogt.com> wrote:
> Hi,
>
> On Thu, 27 Feb 2014 04:59:04 +0100
> Polytropon <freebsd at edvax.de> wrote:
>
>> I'm planning to add a new disk next month to my home setup.
>> It should be an external USB disk for off-site (really!)
>> backup. That's why I would like to see the content encrypted.
>> I have no problem with entering a long passphrase when mounting
>> the disk for backup or restore operations, and probably I would
>> not feel safe enough by just using keys (stored somewhere).
>> The file system will be UFS, so there is no need to worry that
>> some other OS or "Windows" would not be able to read it. :-)
>>
>> My question is: What is the _easiest_ mechanism to initialize
>> a disk for encrypted use? It should work with FreeBSD 9 and 10
>> in the first place.
>>
>>
> I use geli.
>
> There is a huge problem in geli which is not documented. If you create
> a container with FreeBSD 10, FreeBSD 9 will not be able access it. You
> must use the oldest version of FreeBSD which is supposed to work with
> the disk to create the encrypted container. This would be 9.x in your
> case.
>
> Erich
Theoretically you should be able to ``geli init -V <metadata-version>''.
Never tried it though.
There's a list of metadata versions at the end of the man page,
with FreeBSD 10 still missing ( has v7 ).
Regards,
Michael
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list