On Sat, 2009-10-31 at 09:12 +0100, Luca Berra wrote: > On Fri, Oct 30, 2009 at 01:05:54PM -0700, Ross Boylan wrote: > >Does anyone have any advice about how to snapshot an encrypted volume so > >that the snapshot won't leak information? > > > Do you mean linux-lvm snapshot Yes. > or some storage based one? I'm not sure what that means, but I don't want to rsync or tar. The backup is run from a central computer using something like bacula. > In the first case I think the safest way is encrypting the PV. I don't think I can. Here's my setup: V1E encrypted volume, built on top of V1R raw volume, which is part of VGA volume group, composed of PVA physical volume (which is actually software RAID). My terminology may be non-standard: V1E is readable and looks like a regular file system; V1R is the one that looks scrambled. i.e., cyptsetup luksOpen /dev/mapper/VGA-V1R V1E. One could say that V1R is encrypted. Is there a conventional way to refer to these items? V1R is the "backing device" and V1E is ....? So if I snapshot V1E I think I must use VGA (at any rate, I have no other space), which exposes the readable version of my data. Maybe I could snapshot V1R and use the same encryption key as for V1E to make V2E? Now that I think of it, I'm not even sure if LVM will snapshot the product of dm-crypt (V1E). Ross _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
