key

I lost the encryption key (ada1.key) to my backup. Is it possible to access the backup drive?
 
The drive itself, sure. But you cannot access the data without the key.
 
Worst kind of answer.. but thank you.
 
It would defeat the entire purpose of the encryption if you could access the data without a proper key.
 
Judging by the naming of the key, I'm going to say geli(8). Good luck trying to brute-force that.
 
I have the passphrase. I just don't have the key-file ada1.key
 
Is there a key file for the operating system as well, when it is encrypted?
If you used full disk encryption, no. The whole disk is encrypted with that same key.

I have the passphrase. I just don't have the key-file ada1.eli
The password is useless without the key and the key is useless without the password. You need to have both to unlock the encryption.

I once did something similar. Had an encrypted external drive. Reinstalled the machine and forgot to back up the key. So the data on the external drive was lost too. There is no way to recover that key or the password if you lose either one.
 
So, why is my external backup disk encrypted with a key and not my OS?
 
So, why is my external backup disk encrypted with a key and not my OS?
Oh, wait, I misunderstood the previous remarks. Maybe, just maybe, you can find a backup of your key in /var/backup/.
 
Sometimes encryption hurts you more than it protects you. I just don't get it. Why no key-file for the installed machine.
 
Sometimes encryption hurts you more than it protects you.
The disk itself could simply die too. But yes, encryption does mean you need to take really good care of your keys. Back them up and store them somewhere safe (not on the disk that requires that key to access it).

Why no key-file for the installed machine.
Why would there be a key file for the installed machine?
 
I'm not smart enough to get it. Why a key-file then for the external backup?
 
Why a key-file then for the external backup?
Because you configured it that way. You can use a passphrase, a key or both. If you configured it with both a key and a passphrase, you're going to need both to unlock it.

The user keys are made up of an optional combination of random bytes from a file, /root/da2.key, and/or a passphrase.
Procedure 17.4. Encrypting a Partition with geli

Code:
   User Key
     Each stored copy of the Master Key is encrypted with a User Key, which is
     generated by the geli utility from a passphrase and/or a keyfile.  The
     geli utility first reads all parts of the keyfile in the order specified
     on the command line, then reads all parts of the stored passphrase in the
     order specified on the command line.  If no passphrase parts are
     specified, the system prompts the user to enter the passphrase.  The
     passphrase is optionally strengthened by PKCS#5v2.  The User Key is a
     digest computed over the concatenated keyfile and passphrase.
From geli(8), take special note of the last sentence.
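
Added example (not part of the thread and not geli's own code): a simplified Python model of the last sentence of that excerpt, showing why a passphrase without the keyfile cannot unlock the stored Master Key copy. It assumes a keyless HMAC-SHA512 as the digest and PBKDF2 for the PKCS#5v2 step; the XOR wrap is a toy stand-in for the real cipher, and all names and values are constructed.

```python
import hashlib
import hmac
import os

def user_key(keyfile: bytes, passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Digest over the keyfile bytes followed by the (strengthened) passphrase."""
    ctx = hmac.new(b"", digestmod=hashlib.sha512)  # assumption: keyless HMAC-SHA512 as digest
    ctx.update(keyfile)                            # keyfile parts are read first
    if passphrase:
        if iterations > 0:                         # "optionally strengthened by PKCS#5v2"
            passphrase = hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations, 64)
        ctx.update(passphrase)                     # passphrase parts come second
    return ctx.digest()

def _xor(data: bytes, ukey: bytes) -> bytes:
    stream = hmac.new(ukey, b"\x01", hashlib.sha512).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(ukey: bytes, master: bytes):
    """Toy stand-in for the stored Master Key copy: XOR stream plus HMAC tag."""
    tag = hmac.new(ukey, b"\x00" + master, hashlib.sha512).digest()
    return _xor(master, ukey), tag

def unwrap(ukey: bytes, blob: bytes, tag: bytes):
    """Return the Master Key, or None when the User Key is wrong."""
    master = _xor(blob, ukey)
    good = hmac.new(ukey, b"\x00" + master, hashlib.sha512).digest()
    return master if hmac.compare_digest(tag, good) else None

# Constructed sample values, not taken from any real provider.
SALT, ITERATIONS = os.urandom(64), 10_000
KEYFILE = os.urandom(64)               # plays the role of ada1.key
PASSPHRASE = b"constructed passphrase"
MASTER = os.urandom(64)
STORED = wrap(user_key(KEYFILE, PASSPHRASE, SALT, ITERATIONS), MASTER)

def try_unlock(keyfile: bytes, passphrase: bytes):
    return unwrap(user_key(keyfile, passphrase, SALT, ITERATIONS), *STORED)

if __name__ == "__main__":
    print("keyfile + passphrase:", try_unlock(KEYFILE, PASSPHRASE) == MASTER)
    print("passphrase only     :", try_unlock(b"", PASSPHRASE) is not None)
    print("keyfile only        :", try_unlock(KEYFILE, b"") is not None)
```

Because the keyfile bytes enter the digest, losing a keyfile of random bytes leaves a search space no passphrase knowledge can shrink, which is why the keyfile needs its own backup stored away from the disk it unlocks.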
 
I get it. So a key file and a passphrase secures your data even more than just a passphrase. For the installed machine you may only use a passphrase. Thanks.
 
So a key file and a passphrase secures your data even more than just a passphrase.
Yes, exactly. It's a 2-factor authentication, it's something you have (the key) and something you know (the passphrase).
 
Am I able to consistently mount the same encrypted disk in fstab? Geom names jump around, changing from da0 to da1 etc 😁
 
Hey, you're doing better than I am. I have an external backup disk, which is fully encrypted and used for offsite (away from home) safety. I have the passphrase recorded, that's not the problem. The problem is that the whole disk is lost. Usually, it is stored in my office. But I know I took it home before the Covid lockdown, and I have updated it at home once (that's in the log file), and I have not been in my office at all since February. It might be stored in my wife's office ... so I asked her to look absolutely everywhere, and she searched the place and didn't find it. Or it could be at home, and we've spent about 3 hours looking everywhere, and it is nowhere to be found. So I have a key and no disk.

The obvious solution was: find another external portable disk, initialize it, write a new backup on it. All done, except that it is still sitting on the desk at home, waiting to be taken to my wife's office.
 
You have the key but no disk.
I have the disk but no key.
Great.
 