From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZmvHDeNobxqH for ; Tue, 2 Apr 2013 01:41:04 +0200 (CEST) Received: from balrog.mandarb.com (mandarb.com [173.160.28.137]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Tue, 2 Apr 2013 01:41:04 +0200 (CEST) Received: from omen by balrog.mandarb.com with local (Exim 4.80) (envelope-from ) id 1UMo6S-0003fF-Gz for dm-crypt@saout.de; Mon, 01 Apr 2013 16:25:28 -0700 Date: Mon, 1 Apr 2013 16:25:28 -0700 From: Omen Wild Message-ID: <20130401232528.GB10159@mandarb.com> MIME-Version: 1.0 Content-Disposition: inline Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="1LKvkjL3sHcu1TtY" Subject: [dm-crypt] Encrypt underlying disks after the fact? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --1LKvkjL3sHcu1TtY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I have a mirrored ZFS on Linux pool and I am now regretting not having encrypted the underlying disks. Can I do this after the fact, i.e.: - break the mirror: zpool detach tank /dev/sdb - wipe disk - cryptsetup luksFormat /dev/sdb - rebuild the mirror: zpool attach tank /dev/sda /dev/mapper/c1 =09 When I created the pool I gave ZFS the entire disks so it formatted them GPT: ----- Begin quote ----- Partition Table: gpt Number Start End Size File system Name = Flags 1 1048576B 2000390528511B 2000389479936B zfs zfs 9 2000390528512B 2000398917119B 8388608B ----- End quote ----- =20 The main question is whether the LUKS disk would have at least as many blocks as #1. Looking at the numbers is looks like there is 1MB available at the beginning, and 8MB at the end, and the LUKS header is 1MB+4096B or 2 MB, so it looks like it will fit on the raw device. The other route would be to use a detached header. Any recommendations between the two methods? Assuming this could work I suppose the safest way to do this would be to buy a 3rd disk, encrypt it, add it to the pool, then rotate the original 2 out one at a time. Oh, and backups, backups, and more backups. Thanks --=20 The world is coming to an end, SAVE YOUR BUFFERS!!! --1LKvkjL3sHcu1TtY Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIQqgYJKoZIhvcNAQcCoIIQmzCCEJcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC DdwwggY0MIIEHKADAgECAgEgMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAklMMRYwFAYD VQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0 ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0wNzEwMjQyMTAyNTVaFw0xNzEwMjQyMTAyNTVaMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UE ChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUg U2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0 ZSBDbGllbnQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKIVFnAEs+xny q6UzjCqgDcvQVe1dIoFnRsQPCFO+y92k8RK0Pn3MbQ2Gd+mehh9GBZ+36uUQA7Xj9AGM6wgP hEE34vKtfpAN5tJ8LcFxveDObCKrL7O5UT9WsnAZHv7OYPYSR68mdmnEnJ83M4wQgKO19b+R t8sPDAz9ptkQsntCn4GeJzg3q2SVc4QJTg/WHo7wF2ah5LMOeh8xJVSKGEmd6uPkSbj113yK Mm8vmNptRPmM1+YgmVwcdOYJOjCgFtb2sOP79jji8uhWR91xx7TpM1K3hv/wrBZwffrmmEpU euXHRs07JqCCvFh9coKF4UQZvfEg+x3/69xRCzb1AgMBAAGjggGtMIIBqTAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrlWDb+wxyrn3HfqvazHzyB3jrLsw HwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwZgYIKwYBBQUHAQEEWjBYMCcGCCsG AQUFBzABhhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20vY2EwLQYIKwYBBQUHMAKGIWh0dHA6 Ly93d3cuc3RhcnRzc2wuY29tL3Nmc2NhLmNydDBbBgNVHR8EVDBSMCegJaAjhiFodHRwOi8v d3d3LnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwJ6AloCOGIWh0dHA6Ly9jcmwuc3RhcnRzc2wu Y29tL3Nmc2NhLmNybDCBgAYDVR0gBHkwdzB1BgsrBgEEAYG1NwECATBmMC4GCCsGAQUFBwIB FiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMDQGCCsGAQUFBwIBFihodHRw Oi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUucGRmMA0GCSqGSIb3DQEBBQUAA4IC AQA6qScNyNO0FpHvaZTQacVMXH33O51KyEKSRw3IvdQxRu31YR0ZDGdSfgSoOVDVMSBSdmfQ fdDInHPzV3LO5DwUXZ+lxjv7z3PO2OkfnFkvTXPfn6dxJ5rJveDsTsCPcJ/Kp6/+qN5g+J6D /SaYcFD018B6L42r0Z4VEBy36P4tjRtF14Ex10tl5tJFVKM16qWKQHbpjIgf73s49UB0CQ5l HT2DHKfq3oPfdNc5Mk93w1v4ryVb+qVrZIej8NsrWU+5r4O2IV91edDb/OtHFddZqHFFXKgS 79IHE/hwQ2LW7r3sTX7cDUCg+dfdwO8zeLxuwk2JF8crUoyrl66RGrRIhT8VoG/OJ1Y9uUlO av69V4cG8upi4ZG2l7JZFbcBFk91Wp+Payo5SuF61CmGFrZ386umkmpObtFacXda2O/bVoQ9 xHQrzoTc/0KZTWvlZCLK3Ke/vGYT9ZdW9lOjGsSFbXrlTA919L84iMK+48WGnvRWY28ZaVHp ql43AtEGhXze6iNCbEDACy+4hkQYOytAqDgcxAnQ937mYpeZFPyz/XK9QSt9VNFMuudWxZwD DDJKoQAoSG59Hou9lZ26UrK60nRdAQBmEPL8h2nuWgoPh++XVQld9yuhbsWa39Pck8/lcfz5 HUVGJF5mc/zk38iV7FDlF68puiryNq2KXHEpOTCCB6AwggaIoAMCAQICAh0vMA0GCSqGSIb3 DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UE CxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRD b20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTIwMjIyMTYx NjM5WhcNMTQwMjIzMDEyMjU2WjCBgjEZMBcGA1UEDRMQcU1sMmtIaXNIczc1RGpsbDELMAkG A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDjAMBgNVBAcTBURhdmlzMRIwEAYDVQQD EwlPbWVuIFdpbGQxHzAdBgkqhkiG9w0BCQEWEG9tZW5AbWFuZGFyYi5jb20wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOx/wfbUjwfzM6yEcgjMODLBXAUgBCdOkgQtqKHwyn gru6Ke7m5Rclw/q/cPlQpS3BvIqGJmWvIP8PvW0/03M4j11lYDLXFDOElc1TgaPQsN3ZGEwp P8ZmdieO4Yf01iq7AdMf4TgeqR3yQTVeMPgbG3X1VUh29PgSOv17XLCiS+oiYhH5fBiQwdLm f80JVuuPF8Iyg9Xn6PZyQPeSjcNFvkOxLtkwfHN5/whwMsQTKx32ZrBGP6kAzIRJ2f0DR79o WHvu3CegQ6NaLcXmzWs0Fp4Pkdg1qCqzdqCyZq6bzLjVpIwbwbp1A87/A+9qUPeBCQZO2wIM a2tmnBfAnCaRAgMBAAGjggQSMIIEDjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHSUE FjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFCC+uLCjHMzmBYFvRy9/OzT7R6hT MB8GA1UdIwQYMBaAFK5Vg2/sMcq59x36r2sx88gd46y7MIGBBgNVHREEejB4gRBvbWVuQG1h bmRhcmIuY29tgRBvbWVuQG1hbmRhcmIuY29tgRNvbWVuLndpbGRAZ21haWwuY29tgRdvbWVu QGFzbXVuZHNvbi13aWxkLmNvbYESb21lbkB0cmVlZGF2aXMub3JngRBvbWVuQHVjZGF2aXMu ZWR1MIICIQYDVR0gBIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEW Imh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6 Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwICMIHqMCcW IFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmlj YXRlIHdhcyBpc3N1ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVx dWlyZW1lbnRzIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9y IHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFy dHkgb2JsaWdhdGlvbnMuMIGcBggrBgEFBQcCAjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0 aW9uIEF1dGhvcml0eTADAgECGmRMaWFiaWxpdHkgYW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0 ZWQhIFNlZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRhdGlvbnMiIG9mIHRoZSBTdGFydENv bSBDQSBwb2xpY3kuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29t L2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9v Y3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MyL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0 cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQuY2EuY3J0MCMG A1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEA xTMXGZ3KYLF/4W1mZqFxf+4JqpRF8DmfIQs7jG0pM4/E8W18xuzlU9ROgqNduc4HXw6YHLhO etG+/+FYrFhkeNOGS8JOsiXKRI/7/YMedDiTeBdzhL+lZaroqhPLpWcM2fpfIL8o6MbFKg1t hid//ZYc0sobyDlrb9OMmxAxU0NtNcF8z4osd+fzPb3tRlmY8dXU+UB5Z7LBlTAMBl6hXPWh 63KZWyRvbzq1gVBLSeSsPgELH9XvckRZfklXfzWphq93PmJSQnLB4MpfovjJlvP5x4JvpB1M giaDD7pHzAn97TsPkaX8IG/7JqVQKAsjNzKpWbfwN3zszJN4ZB5LbzGCApYwggKSAgEBMIGT MIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2Vj dXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xh c3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAh0vMAkGBSsOAwIaBQCggdgw GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwNDAxMjMyNTI4 WjAjBgkqhkiG9w0BCQQxFgQUkDJjHRHC1mjmAdhIQPh9Czh2WZoweQYJKoZIhvcNAQkPMWww ajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAO BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgw DQYJKoZIhvcNAQEBBQAEggEAkYUoceODhjI6dgmpCc/2oOz+ufm3+v2AEDfOlp9XqAtqO+2s UJzowVoBlAXJt+ZetU15K3Xl2Q6NPOmgTRRDGDRcrSiHTyitJuj3r68lOvslLXz6bSbV26+5 LbRtwetGYD/wdbCMVc5XwoeqIdUIMVaBM6srlYwNRbUpAB+Zl3IWFtvgrI6h46eAcd1jFmNV FXOdfEaLdY75UKzpEiVClFLX42hSh4qkgu6lgUdPP5tsyF4F8yOMI31zU0fBkuuHNkFHN6FS A58zcBe/cBWc8N7hfi2g4lAoveXc/kOavI3FqXYK8POdYjG3kk86YNa8uWBOaxAh/zRb1W58 qFUnlQ== --1LKvkjL3sHcu1TtY--