From owner-freebsd-questions@freebsd.org Sun Sep 20 19:52:22 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2E38B3EF518 for ; Sun, 20 Sep 2020 19:52:22 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BvdWn01K1z4SL6 for ; Sun, 20 Sep 2020 19:52:20 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mail-oi1-x230.google.com with SMTP id n2so14483050oij.1 for ; Sun, 20 Sep 2020 12:52:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DmGABK00O/EuKXYqE7mvKZVSbIoii3oYzTy6+k/X6o8=; b=l0gxfUPd99bibSMW4uBfMcWSei5IdSutX39bw80kzOFaV/NGfxc5aJhypiljuadJH8 PG6CPPHgPpE1QUw1Dk/QD6YM6vlKDjc05AIXq1YO1a3aARJFz8saWoULEF57ZJC7rn+f XfUmBLEISxwkHoHwThneHfp4RnOb+0Pu0yevhc1pn6oyczzV8X+t/izKCYQVy8TxvAsh UjdPiOWknpPmd6JffsYr1cm0OK4u0L5l4Iop1uLWZWW+AShO75qQdkNSmcLp0hQQ3sYB x6qySCa2ANnI9Q+bxEnFlLVrfRmEHQbMts3RGa+Inb0YypVGMeJjsLQuRnq6VZ//Epw5 BSAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DmGABK00O/EuKXYqE7mvKZVSbIoii3oYzTy6+k/X6o8=; b=k+47hja28qzH0avTK6yGEbUv76ZHT7iiAgA4AV8tUasOk3AqQbHJywUkqyaIL/6Lzj Y5gaPw/V96Z6EXEnVoVAsqKAj42zMLEcg4sMVp4GFJUun1SkuQlwtIilRc+O/Aw7qNko 8dwzsXd4NfuTj0tXEHtvJJbCDLxjWZI19YsSDfvN/KC+oAJH+Y9kK1rQy2tV179bnfcD w1LEuoXXfYfhKevR70514/cFR05Z9/CIGksUlwrQpXzHuoPm68kY/4aO2dO7NmotvjQY MlKBfCua5kltr5lqd7szwm010gevM35kKC+xe9MybKRhMdTq3K7gl/bu/FmZuK/fPFiG 9HTw== X-Gm-Message-State: AOAM531Jz7WmntZdTOIE24lufr98fdlCVryvJSCSZ57H2SmZMzHkQSay 8MvWcm2fTcMNjIZRDRifBPTNb7LROI9BXe6u9jMsV9r+E3sWJg== X-Google-Smtp-Source: ABdhPJyGp1a+lOQlqAwog4WZFog5/h3cTEL4h6HWBbJ6l+jKq43LDuZZan/1j7MKiJrrZuIA65Da1OwNlXv3vEbR2K0= X-Received: by 2002:aca:48cc:: with SMTP id v195mr16355169oia.57.1600631073729; Sun, 20 Sep 2020 12:44:33 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Kevin Oberman Date: Sun, 20 Sep 2020 12:44:17 -0700 Message-ID: Subject: Re: Create new geli file system using existing key To: David Christensen Cc: "freebsd-questions@freebsd.org" X-Rspamd-Queue-Id: 4BvdWn01K1z4SL6 X-Spamd-Bar: ++++++++ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=l0gxfUPd; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of kob6558@gmail.com designates 2607:f8b0:4864:20::230 as permitted sender) smtp.mailfrom=kob6558@gmail.com X-Spamd-Result: default: False [8.97 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; GREYLIST(0.00)[pass,body]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(0.00)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(0.00)[gmail.com,none]; NEURAL_HAM_SHORT(-0.43)[-0.430]; FORGED_SENDER(0.30)[rkoberman@gmail.com,kob6558@gmail.com]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[rkoberman@gmail.com,kob6558@gmail.com]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; R_DKIM_ALLOW(0.00)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_SPAM_MEDIUM(0.67)[0.673]; BAD_REP_POLICIES(0.10)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.93)[0.928]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::230:from]; URIBL_BLACK(7.50)[holgerdanske.com:email]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-Spam: Yes Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Sep 2020 19:52:22 -0000 After thinking about this a bit longer, it's not really hard to do what I need to do using the resize command. More significantly, I really don't need to do this. Quick explanation of why this would be "helpful". I backup using rsync to a USB disk. I simply attach and mount the USB partition and fire up the synchronization (with a number of options and exceptions). It's convenient to have a single key file on thumb drive (geli attach -d -k/media/keys/FILENAME) with that command as an alias so I just type "gattach /dev/gpt/PARTITION". Hey, I'm lazy. A keystroke saved is a keystroke earned! I plan to change the alias to a very short script to pick the correct key for the operating and backup partitions. What I type won't change. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 On Fri, Sep 18, 2020 at 9:07 PM David Christensen wrote: > On 2020-09-18 15:43, Kevin Oberman wrote: > > I suspect the answer to this is "you can't" and I can understand some > > strong arguments against it, but I have a case where it would be handy > and > > not a security risk. > > > > Can I initialize a GELI partition using the same key I am currently using > > for teh file system it is replacing? I am moving to a new computer and > > would love to keep the key (not pass phrase) I am currently using as it > > will greatly simplify my backup procedure. > > > > I could dd copy the existing raw, encrypted partition, but my new system > > has a larger disk and dd of a partition results in the partition being > > resized to match the source partition size. > > -- > > Kevin Oberman, Part time kid herder and retired Network Engineer > > E-mail: rkoberman@gmail.com > > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 > > If by "key" you mean the GELI metadata, perhaps 'geli backup...' on the > old provider and 'gpart create...', 'gpart add...', 'geli restore...', > 'geli resize...', 'geli setkey...', and 'geli delkey...' on the new > disk would meet your needs (?). But, I would caution against installing > both disks into the same system. > > > I am curious -- how does having the same GELI metadata simplify your > backup procedure? > > > David > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >