mlelstv%serpens.de@localhost (Michael van Elst) writes:
> carsten.kunze%arcor.de@localhost writes:
>
>>if I encrypt a device with
>>cgdconfig -V re-enter cgd1 /dev/wd0e
>>then unconfigure it:
>>cgdconfig -u cgd1
>>and then try to decrypt it:
>>cgdconfig cgd1 /dev/wd0e
>>The password is not excepted. What can be the reason?
>
> There is nothing on the encrypted disk where the verification
> method ("re-enter") is stored. You have to specify it every time
> when you configure a device.
>
> You can use a parameter file in /etc/cgd/ to store this information.
Sort of related, I am a bit confused about how cgd is supposed to work.
I understand that one has a config file in /etc/cgd with IV and password
method, but that's in the root of one system, and doesn't naturally
travel with external disks. Particularly if the external disk contains
a full backup, one wants to read it without the original system.
So should I be created two filesystems on each disk, one very small, to
hold a cgdconfig file, and one large, encrypted? Or is there some
other approach? Are there some standard flags that one should just
remember and use, so you don't need a config file?
Attachment:
pgpPXCiySlngq.pgp
Description: PGP signature