Create new geli file system using existing key

Kevin Oberman rkoberman at gmail.com
Sun Sep 20 19:52:22 UTC 2020


After thinking about this a bit longer, it's not really hard to do what I
need to do using the resize command. More significantly, I really don't
need to do this.

Quick explanation of why this would be "helpful". I back up using rsync to a
USB disk. I simply attach and mount the USB partition and fire up the
synchronization (with a number of options and exceptions). It's convenient
to have a single key file on a thumb drive (geli attach -d
-k/media/keys/FILENAME) with that command as an alias so I just type
"gattach /dev/gpt/PARTITION". Hey, I'm lazy. A keystroke saved is a
keystroke earned!

I plan to change the alias to a very short script to pick the correct key
for the operating and backup partitions. What I type won't change.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683


On Fri, Sep 18, 2020 at 9:07 PM David Christensen <dpchrist at holgerdanske.com>
wrote:

> On 2020-09-18 15:43, Kevin Oberman wrote:
> > I suspect the answer to this is "you can't" and I can understand some
> > strong arguments against it, but I have a case where it would be handy and
> > not a security risk.
> >
> > Can I initialize a GELI partition using the same key I am currently using
> > for the file system it is replacing? I am moving to a new computer and
> > would love to keep the key (not pass phrase) I am currently using as it
> > will greatly simplify my backup procedure.
> >
> > I could dd copy the existing raw, encrypted partition, but my new system
> > has a larger disk and dd of a partition results in the partition being
> > resized to match the source partition size.
> > --
> > Kevin Oberman, Part time kid herder and retired Network Engineer
> > E-mail: rkoberman at gmail.com
> > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
>
> If by "key" you mean the GELI metadata, perhaps 'geli backup...' on the
> old provider and 'gpart create...', 'gpart add...', 'geli restore...',
> 'geli resize...', 'geli setkey...', and 'geli delkey...'  on the new
> disk would meet your needs (?).  But, I would caution against installing
> both disks into the same system.
>
>
> I am curious -- how does having the same GELI metadata simplify your
> backup procedure?
>
>
> David
>
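
A key-selecting "gattach" wrapper of the kind planned in the message above might look like this. It is an added example, not code from the thread; the GPT labels "system" and "backup", the key file names, and the KEYDIR and DRYRUN variables are assumptions.

```shell
#!/bin/sh
# gattach: choose the GELI key file for a GPT-labelled provider, then attach.
# Assumed (hypothetical) names: labels "system" and "backup", with key files
# system.key and backup.key stored under KEYDIR on the thumb drive.
# Usage: gattach /dev/gpt/PARTITION   (DRYRUN=1 prints the command only)

KEYDIR="${KEYDIR:-/media/keys}"

# Map a provider path such as /dev/gpt/backup to its key file.
# Fails (status 1) for any label without an explicit mapping.
key_for() {
    case "${1##*/}" in
        system) printf '%s\n' "$KEYDIR/system.key" ;;
        backup) printf '%s\n' "$KEYDIR/backup.key" ;;
        *)      return 1 ;;
    esac
}

# Attach the provider with its own key; refuse rather than guess a key.
gattach() {
    prov="$1"
    key=$(key_for "$prov") || {
        echo "gattach: no key mapped for $prov" >&2
        return 2
    }
    [ -r "$key" ] || {
        echo "gattach: $key not readable (is the key drive mounted?)" >&2
        return 3
    }
    if [ "${DRYRUN:-0}" = 1 ]; then
        printf '%s\n' "geli attach -d -k $key $prov"
    else
        # -d detaches on last close; -k names the key file (as in the alias).
        geli attach -d -k "$key" "$prov"
    fi
}

# Run only when called with an argument, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    gattach "$@"
fi
```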

