Simple disk encryption for off-site backup

Michael Ross gmx at
Thu Feb 27 18:01:53 UTC 2014

On Thu, 27 Feb 2014 16:30:53 +0100, Erich Dollansky  
<erichsfreebsdlist at> wrote:

> Hi,
> On Thu, 27 Feb 2014 04:59:04 +0100
> Polytropon <freebsd at> wrote:
>> I'm planning to add a new disk next month to my home setup.
>> It should be an external USB disk for off-site (really!)
>> backup. That's why I would like to see the content encrypted.
>> I have no problem with entering a long passphrase when mounting
>> the disk for backup or restore operations, and probably I would
>> not feel safe enough by just using keys (stored somewhere).
>> The file system will be UFS, so there is no need to worry that
>> some other OS or "Windows" would not be able to read it. :-)
>> My question is: What is the _easiest_ mechanism to initialize
>> a disk for encrypted use? It should work with FreeBSD 9 and 10
>> in the first place.
> I use geli.
> There is a huge problem in geli which is not documented. If you create
> a container with FreeBSD 10, FreeBSD 9 will not be able access it. You
> must use the oldest version of FreeBSD which is supposed to work with
> the disk to create the encrypted container. This would be 9.x in your
> case.
> Erich

Theoretically you should be able to ``geli init -V <metadata-version>''.
Never tried it though.

There's a list of metadata versions at the end of the man page,
with FreeBSD 10 still missing ( has v7 ).



> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to  
> "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list