From: David Christensen
To: freebsd-questions@freebsd.org
Subject: Re: Create new geli file system using existing key
Date: Fri, 18 Sep 2020 21:06:52 -0700

On 2020-09-18 15:43, Kevin Oberman wrote:
> I suspect the answer to this is "you can't" and I can understand some
> strong arguments against it, but I have a case where it would be handy and
> not a security risk.
>
> Can I initialize a GELI partition using the same key I am currently using
> for the file system it is replacing? I am moving to a new computer and
> would love to keep the key (not pass phrase) I am currently using as it
> will greatly simplify my backup procedure.
>
> I could dd copy the existing raw, encrypted partition, but my new system
> has a larger disk and dd of a partition results in the partition being
> resized to match the source partition size.
> --
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

If by "key" you mean the GELI metadata, perhaps 'geli backup...' on the
old provider and 'gpart create...', 'gpart add...', 'geli restore...',
'geli resize...', 'geli setkey...', and 'geli delkey...' on the new disk
would meet your needs (?). But, I would caution against installing both
disks into the same system.

I am curious -- how does having the same GELI metadata simplify your
backup procedure?

David