GBDE container file backup question

mrhino at hushmail.com mrhino at hushmail.com
Tue May 10 14:16:12 PDT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for that; much appreciated.

I had read that paper, several times, but hadn't quite understood
that the lock file simply pointed to the lock sectors on the
device.

Thanks again,
Mark


On Tue, May 10, 2005 at 04:09:51AM -0700, mrhino at hushmail.com
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
> Apologies in advance if this isn't the right place to be asking
> this question:
>
> I've got a gbde partition based on an image file, private.img.
> I also have a lock file as per the instructions - /etc/gbde/md9
>
> It's all working fine, but I want to be able to back it up
somehow.
>
> If I back up private.img and /etc/gbde/md9, is that everything I

Yes.  (You can store the lock files separate from the encrypted
volume
for maximum security.)

> need to do to be able to restore the encrypted partition? The
lock
> file seems awfully small to be an encryption key (compared to the
> PGP keys I'm familiar with).

It doesn't contain the encrypted keys or key material itself.  It
contains the encrypted location of the lock sectors and requires
the pass phrase to obtain the master keys from the volume.

> What about the 'keys' mentioned in the handbook  - I created 2
keys
> during the init, but I'm not sure where they are. Are they
> analagous to my PGP private keys, or what? Do I need to back them
> up somewhere? Do they have the same password?

No, the key scheme is not a public key system.  The pass phrase
material
is used symmetrically (same key to encrypte/decrypt), as AES is a
symmetric cipher.

Implementation of public keys is something to look forward to in
the future.  Some vnode-level solutions are integrating diverse
key schemes.

> Any advice appreciated.

You might wish to read the very instructive paper by phk, found:
http://phk.freebsd.dk/pubs/

> Yours,
> Mark
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at
https://www.hushtools.com/verify
> Version: Hush 2.4
>
>
wkYEARECAAYFAkKAlnYACgkQy7ADd7v2HyaSngCaAkYwBsqH3/3DBrrf/lXQjlaN2qsA

> oIkbjdtl2BBFhRY6CKs5uO9phVq2
> =m5yy
> -----END PGP SIGNATURE-----

- --
Allan Fields
_______________________________________________
freebsd-geom at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-geom
To unsubscribe, send any mail to "freebsd-geom-
unsubscribe at freebsd.org"
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkKBJIcACgkQy7ADd7v2HyZvDACfY5VsU4s9kdFMyx/YNVGOigK73hIA
n0QGSh2ySvqldeCVyuuC1F/E81h4
=fdpq
-----END PGP SIGNATURE-----

More information about the freebsd-geom mailing list