Deleted member 60479
I lost the encryption key (ada1.key) to my backup. Is it possible to access the backup drive?
If you used full disk encryption, no. The whole disk is encrypted with that same key.
Is there a key file for the operating system as well, when it is encrypted?
The password is useless without the key and the key is useless without the password. You need to have both to unlock the encryption.
I have the passphrase. I just don't have the key-file ada1.eli
The disk itself could simply die too. But yes, encryption does mean you need to take really good care of your keys. Back them up and store them somewhere safe (not on the disk that requires that key to access it).
Sometimes encryption hurts you more than it protects you.
Why would there be a key file for the installed machine?
Why no key-file for the installed machine.
Because you configured it that way. You can use a passphrase, a key or both. If you configured it with both a key and a passphrase, you're going to need both to unlock it.
Why a key-file then for the external backup?
Procedure 17.4. Encrypting a Partition with geli
The user keys are made up of an optional combination of random bytes from a file, /root/da2.key, and/or a passphrase.
User Key
Each stored copy of the Master Key is encrypted with a User Key, which is generated by the geli utility from a passphrase and/or a keyfile. The geli utility first reads all parts of the keyfile in the order specified on the command line, then reads all parts of the stored passphrase in the order specified on the command line. If no passphrase parts are specified, the system prompts the user to enter the passphrase. The passphrase is optionally strengthened by PKCS#5v2. The User Key is a digest computed over the concatenated keyfile and passphrase.
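The User Key description above, as a simplified Python model added here (not geli's code or on-disk format, and not posted by anyone in the thread): it shows why a provider set up with a keyfile and a passphrase cannot be unlocked with the passphrase alone. The XOR pad and check tag are a toy stand-in for the encrypted Master Key copy, and every name and value below is constructed for illustration.

```python
import hashlib
import hmac

def user_key(keyfile_parts, passphrase, salt, iterations=0):
    """Digest over the keyfile parts (in order), then the passphrase material."""
    h = hashlib.sha512()
    for part in keyfile_parts:
        h.update(part)
    if passphrase:
        if iterations:  # optional PKCS#5v2 (PBKDF2) strengthening; salt used only here
            passphrase = hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations)
        h.update(passphrase)
    return h.digest()

def _pad(ukey):
    # Toy keystream derived from the User Key (stand-in for a real cipher).
    return hashlib.sha512(b"wrap" + ukey).digest()

def wrap_master_key(master_key, ukey):
    """Model of one stored Master Key copy: wrapped key plus a check tag."""
    wrapped = bytes(a ^ b for a, b in zip(master_key, _pad(ukey)))
    tag = hmac.new(ukey, master_key, hashlib.sha512).digest()
    return wrapped, tag

def unlock(stored, keyfile_parts, passphrase, salt, iterations):
    """Return the Master Key, or None when the derived User Key is wrong."""
    wrapped, tag = stored
    ukey = user_key(keyfile_parts, passphrase, salt, iterations)
    candidate = bytes(a ^ b for a, b in zip(wrapped, _pad(ukey)))
    expected = hmac.new(ukey, candidate, hashlib.sha512).digest()
    return candidate if hmac.compare_digest(tag, expected) else None

# Constructed sample values, not taken from any real provider.
SALT = bytes(range(64))
KEYFILE = hashlib.sha512(b"constructed keyfile bytes").digest()
PASSPHRASE = b"correct horse"
MASTER = hashlib.sha512(b"constructed master key").digest()
ITER = 1000
STORED = wrap_master_key(MASTER, user_key([KEYFILE], PASSPHRASE, SALT, ITER))

if __name__ == "__main__":
    print("both:", unlock(STORED, [KEYFILE], PASSPHRASE, SALT, ITER) == MASTER)
    print("passphrase only:", unlock(STORED, [], PASSPHRASE, SALT, ITER))
    print("keyfile only:", unlock(STORED, [KEYFILE], None, SALT, ITER))
```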