geli metadata backup

RW rwmaillists at googlemail.com
Mon Mar 5 12:52:40 UTC 2012


On Sat, 3 Mar 2012 17:24:15 -0500
Robert Simmons wrote:

> What exactly is contained in the metadata backup
> file /var/backups/_prov_.eli ?

I don't know exactly what's in the metadata, but the most important
thing is that it contains copies of the master key encrypted with the
user keys. If the metadata sector on the partition is corrupted then
you can't access your data.

> Obviously, since I keep /var inside of the encrypted provider, the
> default location is a bad place for a backup.  Where would a good
> location be to save this metadata using the -B switch for geli init
> other than the default?

Anywhere you like except inside the volume it backs up - preferably
offline. It is also somewhat sensitive. If someone else has the
metadata and the passphrase/keyfile, then changing or deleting the key
on disk won't help - you would have to dump the data and create a new
geli partition.
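
An added example, not part of the original message: a small sh wrapper around `geli backup` that refuses to write the metadata copy onto the provider it describes and keeps the file owner-readable only. The provider name `ada0p3`, the mount point `/mnt/usb` and the function names are assumptions for illustration; the check assumes a filesystem such as UFS, where `df` reports the backing device.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: provider
# ada0p3, removable medium mounted at /mnt/usb. Assumes df reports the
# backing device (UFS); a ZFS dataset name would not be recognised.

# Print the device backing the filesystem that holds path $1.
fs_device() {
    df -P "$1" | awk 'NR==2 {print $1}'
}

# Succeed if device $1 is provider $2 or something layered on it
# (for example ada0p3.eli, or a partition of a whole-disk provider).
on_provider() {
    case "$1" in
        "/dev/$2"|"/dev/$2".*|"/dev/$2"[ps][0-9]*) return 0 ;;
    esac
    return 1
}

# backup_geli_metadata <provider> <destination-directory>
# Writes <destination-directory>/<provider>.eli and prints its path.
# Returns 2 if the destination lives on the provider itself.
backup_geli_metadata() {
    prov=$1
    destdir=$2
    dev=$(fs_device "$destdir") || return 1
    if on_provider "$dev" "$prov"; then
        echo "refusing: $destdir is stored on $prov" >&2
        return 2
    fi
    # Label-style providers such as gpt/data contain a slash.
    out="$destdir/$(echo "$prov" | tr / _).eli"
    # The file holds the encrypted master key copies: owner-only access.
    ( umask 077; geli backup "$prov" "$out" ) || return 1
    chmod 600 "$out"
    echo "$out"
}

# Usage (as root, with the removable medium mounted):
#   backup_geli_metadata ada0p3 /mnt/usb
```

If the on-disk metadata is later damaged, `geli restore` with the saved file and the provider name writes the copy back.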

