Date: Sun, 20 Sep 2020 12:44:17 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: David Christensen <dpchrist@holgerdanske.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Create new geli file system using existing key Message-ID: <CAN6yY1vShj8DLnSNzD5id3TE1-bjAKCFMO0Fg63JNmWvWBnXRg@mail.gmail.com> In-Reply-To: <fef7fd7a-2f6c-0d09-e1e7-8bcd1589ed9e@holgerdanske.com> References: <CAN6yY1uE-gfijR8n8%2BA0k6ufB=6EYEc6RbgbgpXj%2BV=80GOHPA@mail.gmail.com> <fef7fd7a-2f6c-0d09-e1e7-8bcd1589ed9e@holgerdanske.com>
next in thread | previous in thread | raw e-mail | index | archive | help
After thinking about this a bit longer, it's not really hard to do what I need to do using the resize command. More significantly, I really don't need to do this. Quick explanation of why this would be "helpful". I backup using rsync to a USB disk. I simply attach and mount the USB partition and fire up the synchronization (with a number of options and exceptions). It's convenient to have a single key file on thumb drive (geli attach -d -k/media/keys/FILENAME) with that command as an alias so I just type "gattach /dev/gpt/PARTITION". Hey, I'm lazy. A keystroke saved is a keystroke earned! I plan to change the alias to a very short script to pick the correct key for the operating and backup partitions. What I type won't change. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 On Fri, Sep 18, 2020 at 9:07 PM David Christensen <dpchrist@holgerdanske.com> wrote: > On 2020-09-18 15:43, Kevin Oberman wrote: > > I suspect the answer to this is "you can't" and I can understand some > > strong arguments against it, but I have a case where it would be handy > and > > not a security risk. > > > > Can I initialize a GELI partition using the same key I am currently using > > for teh file system it is replacing? I am moving to a new computer and > > would love to keep the key (not pass phrase) I am currently using as it > > will greatly simplify my backup procedure. > > > > I could dd copy the existing raw, encrypted partition, but my new system > > has a larger disk and dd of a partition results in the partition being > > resized to match the source partition size. > > -- > > Kevin Oberman, Part time kid herder and retired Network Engineer > > E-mail: rkoberman@gmail.com > > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 > > If by "key" you mean the GELI metadata, perhaps 'geli backup...' on the > old provider and 'gpart create...', 'gpart add...', 'geli restore...', > 'geli resize...', 'geli setkey...', and 'geli delkey...' on the new > disk would meet your needs (?). But, I would caution against installing > both disks into the same system. > > > I am curious -- how does having the same GELI metadata simplify your > backup procedure? > > > David > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1vShj8DLnSNzD5id3TE1-bjAKCFMO0Fg63JNmWvWBnXRg>