blazingice said:The other benefit is backup. With pefs you can backup files without having to decrypt them. I don't think you can do that with geli.
# dd if=/dev/encrypted_unattached_disk of=/dev/stdout bs=64M | xz > compressed_encrypted_disk_image.xz
GELI can be set up to use key files and/or passwords, if that's what you mean. See the -p, -P, -k and -K options formah454 said:Can I use file.key instead of a password?
geli init
and geli setkey
, as described in geli(8).blazingice said:It is worth considering pefs too.