From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jkkfeZGz00Lw for ; Thu, 11 Apr 2013 15:47:34 +0200 (CEST) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Thu, 11 Apr 2013 15:47:34 +0200 (CEST) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1UQHqe-000156-I6 for dm-crypt@saout.de; Thu, 11 Apr 2013 15:47:32 +0200 Received: from c-98-227-220-190.hsd1.il.comcast.net ([98.227.220.190]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 11 Apr 2013 15:47:32 +0200 Received: from rnicholsNOSPAM by c-98-227-220-190.hsd1.il.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 11 Apr 2013 15:47:32 +0200 From: Robert Nichols Date: Thu, 11 Apr 2013 08:47:25 -0500 Message-ID: References: <1365653560.6456.YahooMailNeo@web162401.mail.bf1.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit In-Reply-To: <1365653560.6456.YahooMailNeo@web162401.mail.bf1.yahoo.com> Subject: Re: [dm-crypt] How to backup entire encrypted HDD? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 04/10/2013 11:12 PM, John Gomez wrote: > I have a 500GB HD encrypted with LUKS, partitioned with LVM (I think) and > formatted ext4. The /boot partition is on a USB stick. I want to make a backup > of the HDD. Say my first drive is /sda and the backup drive is /sdx and I want > the backup to go in /sdx3. > > AFAIK, I have two choices; > 1: Create an encrypted partition on /sdx say, /sdx3, mount and decrypt /sda, > then use rsync to copy the filesystem from /sda to /sdx3. Not the worst choice > but there are flaws. What if I want to do this over a network? Why is that an issue? rsync will, by default, use ssh for the communication. > What if I want > to do this on /sdx that is already partitioned? (If /sdx is already partitioned > I can not encrypt the partition /sdx3. Is this correct?) Merely partitioned wouldn't be a problem, but if that partition already contains a filesystem and data you want to preserve, then converting it to encrypted would be a problem. Recent versions of the cryptsetup package do have the option to build an experimental cryptsetup-reencrypt tool that can encrypt an existing partition, but it's a long and delicate process. > 2: Use dd (or GNU ddrescue or similar) using the parameters if=/sda > of=/sdx3/backup.img. Then the problems are: how do I view the files? This post > describes mounting an image of a partition: > http://www.rebelzero.com/howto/backup-and-restore-files-tofrom-a-luks-encrypted-partition-image-file/189. > Does anyone know a better way to do this? Will this work for an image of the > entire drive? You can work with the whole drive image, but it's a bit complicated, and the steps depend on exactly how the source drive was set up and whether LVM is involved. The basic tools are "losetup" to map a loop device to a file and "kpartx" to create device maps for the partitions within a device. I can't comment on the steps needed if LVM is involved. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.