geli + journal

RW rwmaillists at
Mon Nov 14 23:51:02 UTC 2011

On Tue, 15 Nov 2011 00:06:00 +0200
Коньков Евгений wrote:

>catch idea, but some question:
> in this situation .eli.journal  journal device will not be encrypted?
>  can you describe how data flow will be?

The journal is encrypted unless you choose to put it on a separate
non-encrypted device. 

In principle the data is encrypted into the journal, decrypted from
the journal and then re-encrypted into its final location. In practice
I've found that in file copying between disks, writing uses about
twice as much cpu time as reading, so maybe the decryption  from the
journal can be avoided by caching.

More information about the freebsd-questions mailing list