From: Robert Nichols <rnicholsNOSPAM@comcast.net>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] How to backup entire encrypted HDD?
Date: Thu, 11 Apr 2013 08:47:25 -0500 [thread overview]
Message-ID: <kk6eta$n8v$1@ger.gmane.org> (raw)
In-Reply-To: <1365653560.6456.YahooMailNeo@web162401.mail.bf1.yahoo.com>
On 04/10/2013 11:12 PM, John Gomez wrote:
> I have a 500GB HD encrypted with LUKS, partitioned with LVM (I think) and
> formatted ext4. The /boot partition is on a USB stick. I want to make a backup
> of the HDD. Say my first drive is /sda and the backup drive is /sdx and I want
> the backup to go in /sdx3.
>
> AFAIK, I have two choices;
> 1: Create an encrypted partition on /sdx say, /sdx3, mount and decrypt /sda,
> then use rsync to copy the filesystem from /sda to /sdx3. Not the worst choice
> but there are flaws. What if I want to do this over a network?
Why is that an issue? rsync will, by default, use ssh for the communication.
> What if I want
> to do this on /sdx that is already partitioned? (If /sdx is already partitioned
> I can not encrypt the partition /sdx3. Is this correct?)
Merely partitioned wouldn't be a problem, but if that partition already
contains a filesystem and data you want to preserve, then converting it
to encrypted would be a problem. Recent versions of the cryptsetup
package do have the option to build an experimental cryptsetup-reencrypt
tool that can encrypt an existing partition, but it's a long and
delicate process.
> 2: Use dd (or GNU ddrescue or similar) using the parameters if=/sda
> of=/sdx3/backup.img. Then the problems are: how do I view the files? This post
> describes mounting an image of a partition:
> http://www.rebelzero.com/howto/backup-and-restore-files-tofrom-a-luks-encrypted-partition-image-file/189.
> Does anyone know a better way to do this? Will this work for an image of the
> entire drive?
You can work with the whole drive image, but it's a bit complicated,
and the steps depend on exactly how the source drive was set up and
whether LVM is involved. The basic tools are "losetup" to map a
loop device to a file and "kpartx" to create device maps for the
partitions within a device. I can't comment on the steps needed if
LVM is involved.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
next prev parent reply other threads:[~2013-04-11 13:47 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-11 4:12 [dm-crypt] How to backup entire encrypted HDD? John Gomez
2013-04-11 9:39 ` orinoco
2013-04-11 13:47 ` Robert Nichols [this message]
2013-04-11 15:16 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='kk6eta$n8v$1@ger.gmane.org' \
--to=rnicholsnospam@comcast.net \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.