Re: gbde and geli - differences

2007-04-10 Thread RW
On Wed, 21 Mar 2007 23:15:50 +0100
Roland Smith <[EMAIL PROTECTED]> wrote:

> On Wed, Mar 21, 2007 at 06:33:19PM +, RW wrote:
> > How do you attach the dvd content?
> > 
> > # geli attach /dev/cd0
> > Cannot read metadata from /dev/cd0: Invalid argument.
> > 
> > geli attach -r /dev/cd0
> > Cannot read metadata from /dev/cd0: Invalid argument.
> 
> I get the same error. Odd. I thought I used that trick before. It
> definitely works on the USB drives that I use as primary backup (no
> memory disk necessary in that case).

I asked about this in the geom list. It turns out that the md device
needs to have the same sector size as the DVD (2048 bytes). If you
create it like this:

   mdconfig -a -t vnode -S 2048 -f imagefile

it all works correctly.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: gbde and geli - differences

2007-03-25 Thread RW
On Sat, 24 Mar 2007 20:10:11 +0100 (CET)
Wojciech Puchar <[EMAIL PROTECTED]> wrote:

> >> why there are both? what should i use to have better chance i will
> >> be able to recover data after say 10 years knowing password?
> >
> > I presume it's to do with geli using OpenSSL libraries and so
> > picking-up hardware acceleration where available. I think gbde is
> > being sidelined.
> 
> i switched to geli, making all my encrypted partition DVD sized, so i
> can back it up encrypted by writing whole device to DVD.
>

How do you actually write the partition to the DVD?

And can the DVD be mounted, or is it just a backup?

If you do mount them, I'm wondering why you don't get the problem I had
with the md filesystem.


Re: gbde and geli - differences

2007-03-24 Thread Wojciech Puchar

>> why there are both? what should i use to have better chance i will be
>> able to recover data after say 10 years knowing password?

> I presume it's to do with geli using OpenSSL libraries and so picking-up
> hardware acceleration where available. I think gbde is being sidelined.


i switched to geli, making all my encrypted partition DVD sized, so i can 
back it up encrypted by writing whole device to DVD.


and geli uses 2-3 times less CPU time doing the same encryption. both can 
use passwords and key files.


thank you


Re: gbde and geli - differences

2007-03-21 Thread Roland Smith
On Wed, Mar 21, 2007 at 06:33:19PM +, RW wrote:
> How do you attach the dvd content?
> 
> # geli attach /dev/cd0
> Cannot read metadata from /dev/cd0: Invalid argument.
> 
> geli attach -r /dev/cd0
> Cannot read metadata from /dev/cd0: Invalid argument.

I get the same error. Odd. I thought I used that trick before. It
definitely works on the USB drives that I use as primary backup (no
memory disk necessary in that case).

The following is what I currently use to make encrypted backups to DVD, because
it requires less interaction;

I bundle appropriate numbers of files and directories up in tarfiles
(bzip2-ed unless it contains photos etc), so that every tarfile is slightly
under DVD size. I've put this in a script, because a lot of my
directories don't grow very fast. Alternatively you can use a tool like
dirsplit (http://freshmeat.net/projects/dirsplit/) to make file catalogs.

Next I encrypt every tarfile with ccrypt(1) from ports, because it uses
the Rijndael (aes) cipher. You can use another encryption program if you
like, like enc(1) from OpenSSL with the Blowfish cipher, or gnupg with a
symmetric cipher like aes256 or twofish or blowfish if you don't want to
keep a separate key. Don't use crypt(1) or bdes(1), they're not
considered safe anymore.

The encrypted file is then directly burned (as an image) with growisofs.

To extract the contents I use the following command:

cat /dev/cd0|ccrypt -d|tar xjf -

The file is cat-ed because ccrypt doesn't want to open device files.

This might be overkill, depending on who you're trying to protect the
data from. If you burn the unencrypted tarfile to DVD, the average
windows user wouldn't have a clue how to open it. Of course a 'file -s'
would tell any competent sysadmin that you've burned a tarfile. OTOH, if
you encrypt the data and forget the keyphrase, your data is lost.

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




Re: gbde and geli - differences

2007-03-21 Thread RW
On Wed, 21 Mar 2007 08:02:51 +0100
Roland Smith <[EMAIL PROTECTED]> wrote:

> On Wed, Mar 21, 2007 at 12:13:21AM +, RW wrote:
> 
> > > > > i need both encrypted partition and encrypted copies/DVDs.
> > > > 
> > > > I'd be interested if anyone has a method for creating encrypted
> > > > DVDs that still works. 
> > > 
> > > You can use a UFS filesystem on a DVD. In short:
> > > - create a file with random characters the size of a DVD.
> > > - use that as a vnode backed memory disk with mdconfig.
> > > - initialize and attach that with geli.
> > > - create a new filesystem on the geli device
> > > - mount it.
> > 
> > But how do you put that on a DVD-R or DVD+R?
> 
> growisofs -dvd-compat -Z /dev/dvd=$HOME/backupDVD.img


How do you attach the dvd content?

# geli attach /dev/cd0
Cannot read metadata from /dev/cd0: Invalid argument.

geli attach -r /dev/cd0
Cannot read metadata from /dev/cd0: Invalid argument.

I also tried acd0, and acd0t01

# ls -l /dev/*cd0*
crw-rw-r--  1 root  operator0, 105 Mar 21 11:27 /dev/acd0
crw-r-  1 root  operator0, 165 Mar 21 11:27 /dev/acd0t01
crw-rw-r--  1 root  operator0, 142 Mar 21 11:27 /dev/cd0


Re: gbde and geli - differences

2007-03-20 Thread Roland Smith
On Wed, Mar 21, 2007 at 12:13:21AM +, RW wrote:

> > > > i need both encrypted partition and encrypted copies/DVDs.
> > > 
> > > I'd be interested if anyone has a method for creating encrypted DVDs
> > > that still works. 
> > 
> > You can use a UFS filesystem on a DVD. In short:
> > - create a file with random characters the size of a DVD.
> > - use that as a vnode backed memory disk with mdconfig.
> > - initialize and attach that with geli.
> > - create a new filesystem on the geli device
> > - mount it.
> 
> But how do you put that on a DVD-R or DVD+R?

growisofs -dvd-compat -Z /dev/dvd=$HOME/backupDVD.img

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




Re: gbde and geli - differences

2007-03-20 Thread RW
On Wed, 21 Mar 2007 00:15:04 +0100
Roland Smith <[EMAIL PROTECTED]> wrote:

> On Tue, Mar 20, 2007 at 10:36:19PM +, RW wrote:
> > On Tue, 20 Mar 2007 19:06:28 +0100 (CET)
> > Wojciech Puchar <[EMAIL PROTECTED]> wrote:
> > 
> > > what they are. both works, both works right.
> > > geli has more options.
> > > 
> > > why there are both? what should i use to have better chance i
> > > will be able to recover data after say 10 years knowing password?
> >  
> > I presume it's to do with geli using OpenSSL libraries and so
> > picking-up hardware acceleration where available. I think gbde is
> > being sidelined.
> 
> geli uses the crypto(9) framework. Not sure about the OpenSSL
> libraries.

I'm probably mixing up crypto(9) and crypto(3)
> 
> > > i need both encrypted partition and encrypted copies/DVDs.
> > 
> > I'd be interested if anyone has a method for creating encrypted DVDs
> > that still works. 
> 
> You can use a UFS filesystem on a DVD. In short:
> - create a file with random characters the size of a DVD.
> - use that as a vnode backed memory disk with mdconfig.
> - initialize and attach that with geli.
> - create a new filesystem on the geli device
> - mount it.

But how do you put that on a DVD-R or DVD+R?




Re: gbde and geli - differences

2007-03-20 Thread Roland Smith
On Tue, Mar 20, 2007 at 10:36:19PM +, RW wrote:
> On Tue, 20 Mar 2007 19:06:28 +0100 (CET)
> Wojciech Puchar <[EMAIL PROTECTED]> wrote:
> 
> > what they are. both works, both works right.
> > geli has more options.
> > 
> > why there are both? what should i use to have better chance i will be
> > able to recover data after say 10 years knowing password?
>  
> I presume it's to do with geli using OpenSSL libraries and so picking-up
> hardware acceleration where available. I think gbde is being sidelined.

geli uses the crypto(9) framework. Not sure about the OpenSSL libraries.

> > i need both encrypted partition and encrypted copies/DVDs.
> 
> I'd be interested if anyone has a method for creating encrypted DVDs
> that still works. 

You can use a UFS filesystem on a DVD. In short:
- create a file with random characters the size of a DVD.
- use that as a vnode backed memory disk with mdconfig.
- initialize and attach that with geli.
- create a new filesystem on the geli device
- mount it.

E.g:

# dd if=/dev/random of=$HOME/backupDVD.img bs=1m count=4000
# mdconfig -a -t vnode -f $HOME/backupDVD.img
(The name of the md device will be printed on stdout, e.g. 'md0'.)
# geli init -l 256 /dev/md0
# geli attach /dev/md0
# newfs /dev/md0.eli
# mount /dev/md0.eli /mnt/root

Use it. Then:

# umount /mnt/root
# geli detach md0.eli
# mdconfig -d -u 0

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
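
The sector-size problem reported in this thread (an image initialised on a default md device cannot be attached from /dev/cd0, and re-creating the md device with `-S 2048` fixes it) can be checked on the image file before burning. This is an added example, not code from any poster in the thread; it assumes geli keeps its metadata in the provider's last sector, starting with the magic string `GEOM::ELI`, and the function names and small sample images are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-burn check for a geli-initialised image file.
# Assumption (not stated in the thread): geli keeps its metadata in the
# provider's last sector, starting with the magic string below, and reads
# that sector using the provider's own sector size (2048 on a DVD).
GELI_MAGIC='GEOM::ELI'

# magic_at_last_sector FILE SECTORSIZE
# Succeeds if the last SECTORSIZE-byte sector of FILE begins with the magic.
magic_at_last_sector() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -ge "$2" ] && [ $((size % $2)) -eq 0 ] || return 1
    found=$(dd if="$1" bs="$2" skip=$((size / $2 - 1)) count=1 2>/dev/null |
        head -c "${#GELI_MAGIC}" | tr -d '\000')
    [ "$found" = "$GELI_MAGIC" ]
}

# dvd_attach_check FILE prints one verdict:
#   ok                metadata sits where a 2048-byte-sector device exposes it
#   wrong-sectorsize  metadata was written for 512-byte sectors (md default);
#                     re-create the md device with -S 2048 and run geli init again
#   no-metadata       no geli metadata found at either position
dvd_attach_check() {
    if magic_at_last_sector "$1" 2048; then
        echo ok
    elif magic_at_last_sector "$1" 512; then
        echo wrong-sectorsize
    else
        echo no-metadata
    fi
}

# make_sample FILE SECTORSIZE
# Constructed 8 KiB stand-in for an image: zeros plus the magic at the
# start of the last SECTORSIZE-byte sector. Not a usable geli volume.
make_sample() {
    dd if=/dev/zero of="$1" bs=8192 count=1 2>/dev/null
    printf '%s' "$GELI_MAGIC" |
        dd of="$1" bs=1 seek=$((8192 - $2)) conv=notrunc 2>/dev/null
}

# Stand-alone use: sh check.sh $HOME/backupDVD.img
if [ $# -gt 0 ]; then
    dvd_attach_check "$1"
fi
```

Under that assumption, a `wrong-sectorsize` verdict is the case that produces "Cannot read metadata from /dev/cd0: Invalid argument" once the image is on the disc.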




Re: gbde and geli - differences

2007-03-20 Thread RW
On Tue, 20 Mar 2007 19:06:28 +0100 (CET)
Wojciech Puchar <[EMAIL PROTECTED]> wrote:

> what they are. both works, both works right.
> geli has more options.
> 
> why there are both? what should i use to have better chance i will be
> able to recover data after say 10 years knowing password?
 
I presume it's to do with geli using OpenSSL libraries and so picking-up
hardware acceleration where available. I think gbde is being sidelined.

> i need both encrypted partition and encrypted copies/DVDs.

I'd be interested if anyone has a method for creating encrypted DVDs
that still works. 

A couple of years ago I played around with encrypted CDs by using a
650Mb file as a backing store for an encrypted md partition and then
just burning a CD with that file on it. The same technique can be
extended to DVDs by using two or more backing files with gconcat,
to get around the problem that an ISO 9660 filesystem won't support a
single 4.7GB file. 

It worked at the time, but recently I found that the technique no
longer works, gbde wouldn't attach the device as it's read-only. I know
the behaviour has changed, because I had the old scripts, that had
worked before. It's still possible to access the data by copying the
backing files to disk, but that's not very practical. I guess it may be
possible to work around the problem with a union filesystem, but I
haven't pursued that yet. 

I understand that it's possible to encrypt a DVD+RW as an ordinary
partition, but that it's painfully slow. And I don't really want to use
RW disks.