gbde and geli - differences

RW fbsd06 at
Tue Mar 20 22:36:24 UTC 2007

On Tue, 20 Mar 2007 19:06:28 +0100 (CET)
Wojciech Puchar <wojtek at> wrote:

> what they are. both works, both works right.
> geli has more options.
> why there are both? what should i use to have better chance i will be
> able to recover data after say 10 years knowing password?
I presume it's to do with geli using OpenSSL libraries and so picking-up
hardware acceleration where available. I think gdbe is being sidelined.

> i need both encrypted partition and encrypted copies/DVDs.

I'd be interested if anyone has a method for creating encrypted DVDs
that still works. 

A couple of years ago I played around with encrypted CDs by using a
650Mb file as a backing store for an encrypted md partition and then
just burning a CD with that file on it. The same technique can be
extended to DVDs by using using two or more backing files with gconcat,
to get around the problem that an  ISO 9660 filesystem wont support a
single 4.7GB file. 

It worked at the time, but recently I found that the technique no
longer works, gbde wouldn't attach the device as it's read-only. I know
the behaviour has changed, because I had the old scripts, that had
worked before. It's still possible to access the data by copying the
backing files to disk, but that's not very practical. I guess it may be
possible to work around the problem with a union filesystem, but I
haven't pursued that yet. 

I understand that it's possible to encrypt a DVD+RW as an ordinary
partition, but that it's painfully slow. And I don't really want to use
RW disks.

More information about the freebsd-questions mailing list