Simple disk encryption for off-site backup

Erich Dollansky erichsfreebsdlist at
Thu Feb 27 16:18:58 UTC 2014


On Thu, 27 Feb 2014 04:59:04 +0100
Polytropon <freebsd at> wrote:

> I'm planning to add a new disk next month to my home setup.
> It should be an external USB disk for off-site (really!)
> backup. That's why I would like to see the content encrypted.
> I have no problem with entering a long passphrase when mounting
> the disk for backup or restore operations, and probably I would
> not feel safe enough by just using keys (stored somewhere).
> The file system will be UFS, so there is no need to worry that
> some other OS or "Windows" would not be able to read it. :-)
> My question is: What is the _easiest_ mechanism to initialize
> a disk for encrypted use? It should work with FreeBSD 9 and 10
> in the first place.
I use geli.

There is a huge problem in geli which is not documented. If you create
a container with FreeBSD 10, FreeBSD 9 will not be able access it. You
must use the oldest version of FreeBSD which is supposed to work with
the disk to create the encrypted container. This would be 9.x in your


More information about the freebsd-questions mailing list