I created an encrypted pool in FreeNAS 9.10 using the provided Wizard. Afterwards I input a passphrase for the volume.

The Handbook advises me to download and store the Recovery Key:

Download Key: click this icon to download a backup copy of the GELI encryption key. [...] Since the GELI encryption key is separate from the FreeNAS® configuration database, it is highly recommended to make a backup of the key. If the key is ever lost or destroyed and there is no backup key, the data on the disks is inaccessible.

[...]

Note: the passphrase, recovery key, and encryption key need to be protected. Do not reveal the passphrase to others. On the system containing the downloaded keys, take care that that system and its backups are protected. Anyone who has the keys has the ability to re-import the disks should they be discarded or stolen.

Does that mean that the key file also contains the Passphrase and is in itself enough to mount the pool?

  • 1
    The encryption key is protected by the passphrase and the unprotected encryption key allows encryption operations. If the backup copy contains the passphrase, then you do have to be careful about its security. It is likely that the recovery key is not protected by a passphrase, so that means that you do need to be careful about this backup. -- Summary -- The documentation is not very clear about it, but except if there is an explicit file in the backup, the passphrase is not included and the recovery key probably does not require a password. – le_top Jun 11 '16 at 13:18

1 Answer

According to a member of the Core Team, the Passphrase is needed in addition to the Key.