Deleted member 60479
Guest
I lost the encryption key (ada1.key) to my backup. Is it possible to access the backup drive?
If you used full disk encryption, no. The whole disk is encrypted with that same key.
Is there a key file for the operating system as well, when it is encrypted?
The password is useless without the key and the key is useless without the password. You need to have both to unlock the encryption.
I have the passphrase. I just don't have the key-file ada1.eli
Oh, wait, I misunderstood the previous remarks. Maybe, just maybe, you can find a backup of your key in /var/backup/.
So, why is my external backup disk encrypted with a key and not my OS?
The disk itself could simply die too. But yes, encryption does mean you need to take really good care of your keys. Back them up and store them somewhere safe (not on the disk that requires that key to access it).
Sometimes encryption hurts you more than it protects you.
Why would there be a key file for the installed machine?
Why no key-file for the installed machine.
Because you configured it that way. You can use a passphrase, a key or both. If you configured it with both a key and a passphrase, you're going to need both to unlock it.
Why a key-file then for the external backup?
Procedure 17.4. Encrypting a Partition with geli
The user keys are made up of an optional combination of random bytes from a file, /root/da2.key, and/or a passphrase.
User Key
Each stored copy of the Master Key is encrypted with a User Key, which is
generated by the geli utility from a passphrase and/or a keyfile. The
geli utility first reads all parts of the keyfile in the order specified
on the command line, then reads all parts of the stored passphrase in the
order specified on the command line. If no passphrase parts are
specified, the system prompts the user to enter the passphrase. The
passphrase is optionally strengthened by PKCS#5v2. The User Key is a
digest computed over the concatenated keyfile and passphrase.
Yes, exactly. It's a 2-factor authentication, it's something you have (the key) and something you know (the passphrase).
So a key file and a passphrase secure your data even more than just a passphrase.
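As an added illustration of the User Key description quoted above (not code from this thread and not geli's own implementation), here is a simplified Python model of a key derived as a digest over the keyfile parts followed by the PKCS#5v2-strengthened passphrase. The choice of SHA-512, the salt, the iteration count and the sample keyfile and passphrase are all assumptions made for the example.

```python
import hashlib
import hmac

def user_key(keyfile_parts, passphrase, salt=b"", iterations=0):
    """Digest over the keyfile parts, then the (optionally strengthened) passphrase."""
    h = hashlib.sha512()                  # assumption: SHA-512 stands in for the digest
    for part in keyfile_parts:            # keyfile parts first, in the order given
        h.update(part)
    if passphrase:
        if iterations:                    # PKCS#5v2 strengthening is PBKDF2
            passphrase = hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations)
        h.update(passphrase)
    return h.digest()

def unlocks(candidate, enrolled):
    """True only if the candidate User Key equals the one set up at init time."""
    return hmac.compare_digest(candidate, enrolled)

# Constructed sample material, not taken from the thread.
KEYFILE = bytes(range(64))
PASSPHRASE = b"correct horse battery staple"
SALT = b"constructed-salt"
ITER = 1000

# The User Key as it would be set up with both a keyfile and a passphrase.
ENROLLED = user_key([KEYFILE], PASSPHRASE, SALT, ITER)

def attempts():
    """Try each combination of factors against the enrolled User Key."""
    def k(parts, pw):
        return unlocks(user_key(parts, pw, SALT, ITER), ENROLLED)
    return {
        "keyfile + passphrase": k([KEYFILE], PASSPHRASE),
        "passphrase only": k([], PASSPHRASE),
        "keyfile only": k([KEYFILE], None),
        "backup copy of keyfile": k([bytes(KEYFILE)], PASSPHRASE),
        "keyfile parts in order": k([KEYFILE[:32], KEYFILE[32:]], PASSPHRASE),
        "keyfile parts swapped": k([KEYFILE[32:], KEYFILE[:32]], PASSPHRASE),
    }

if __name__ == "__main__":
    for name, ok in attempts().items():
        print(f"{name:24} -> {'unlocks' if ok else 'fails'}")
```

Only an attempt that supplies the same keyfile bytes, in the same order, together with the passphrase reproduces the enrolled key, which is why a byte-identical backup copy of the keyfile is the only substitute for the lost one.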