Create new geli file system using existing key

David Christensen dpchrist at holgerdanske.com
Sat Sep 19 04:07:04 UTC 2020


On 2020-09-18 15:43, Kevin Oberman wrote:
> I suspect the answer to this is "you can't" and I can understand some
> strong arguments against it, but I have a case where it would be handy and
> not a security risk.
> 
> Can I initialize a GELI partition using the same key I am currently using
> for teh file system it is replacing? I am moving to a new computer and
> would love to keep the key (not pass phrase) I am currently using as it
> will greatly simplify my backup procedure.
> 
> I could dd copy the existing raw, encrypted partition, but my new system
> has a larger disk and dd of a partition results in the partition being
> resized to match the source partition size.
> --
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman at gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

If by "key" you mean the GELI metadata, perhaps 'geli backup...' on the 
old provider and 'gpart create...', 'gpart add...', 'geli restore...', 
'geli resize...', 'geli setkey...', and 'geli delkey...'  on the new 
disk would meet your needs (?).  But, I would caution against installing 
both disks into the same system.


I am curious -- how does having the same GELI metadata simplify your 
backup procedure?


David


More information about the freebsd-questions mailing list