On Wed, Apr 10, 2013 at 09:12:40PM -0700, John Gomez wrote:
> Hello,
>
> Can someone please add a section to the cryptsetup FAQ that explains how
> to backup a HDD with whole disk encryption?

It is already there: Just replace "partition" with "disk" in FAQ
item 6.4. It is really not different, except possibly in size.

> I have a 500GB HD encrypted with LUKS, partitioned with LVM (I think) and
> formatted ext4. The /boot partition is on a USB stick. I want to make a
> backup of the HDD. Say my first drive is /sda and the backup drive is
> /sdx and I want the backup to go in /sdx3.
>
> AFAIK, I have two choices;
>
> 1: Create an encrypted partition on /sdx say, /sdx3, mount and decrypt
> /sda, then use rsync to copy the filesystem from /sda to /sdx3. Not the
> worst choice but there are flaws. What if I want to do this over a
> network?

That would be transfer security and is out-of-scope for cryptsetup.
You can use the usual solutions, basically ssh-tunneling or some
type of VPN.

> What if I want to do this on /sdx that is already partitioned?
> (If /sdx is already partitioned I can not encrypt the partition /sdx3. Is
> this correct?)

No. Why would you think that?

> 2: Use dd (or GNU ddrescue or similar) using the parameters if=/sda
> of=/sdx3/backup.img. Then the problems are: how do I view the files?

Via the loop-device? Or restoring the image?

> This post describes mounting an image of a partition:
> http://www.rebelzero.com/howto/backup-and-restore-files-tofrom-a-luks-encrypted-partition-image-file/189.
> Does anyone know a better way to do this? Will this work for an image of
> the entire drive? Is there any other way to verify the integrity of the
> backup?
>
> Any suggestions are appreciated.

I think your issue is not cryptsetup, but rather the complicated
mess some modern distributions create using LVM.
My advice would be not to use LVM in the first place.
If you have to use it, just do whatever you did to the disk
before to the image (possibly via loop-device) and you basically
get the same thing you had with the raw disk. Now, doing whatever
your distro did with LVM might be complicated and a huge
violation of KISS, but that has nothing to do with cryptsetup.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
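
The thread's point that a dd image of the whole disk is the same thing as the raw disk can be checked before relying on the backup. The following is an added example, not part of the original message or of cryptsetup: it assumes the LUKS1 on-disk header layout, and the function names and the constructed sample disk are hypothetical. It compares the header and key-slot area of the source and the image and checks that the image reaches the encrypted payload.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # LUKS1 header fields, 208 bytes
SLOT = struct.Struct(">II32sII")                    # one of 8 key slots, 48 bytes
SLOT_ACTIVE, SECTOR = 0x00AC71F3, 512

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(blob):
    """Return the LUKS1 header fields at the start of blob, or raise ValueError."""
    if len(blob) < PHDR.size + 8 * SLOT.size:
        raise ValueError("too short for a LUKS1 header")
    magic, version, cipher, mode, _h, payload, _kb, _d, _s, _i, uuid = PHDR.unpack_from(blob)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    states = [SLOT.unpack_from(blob, PHDR.size + n * SLOT.size)[0] for n in range(8)]
    return {"cipher": _text(cipher) + "-" + _text(mode), "uuid": _text(uuid),
            "payload_offset": payload,  # in 512-byte sectors
            "active_slots": [n for n, s in enumerate(states) if s == SLOT_ACTIVE]}

def verify_backup(source_path, image_path):
    """Compare the LUKS header area of a source disk and its dd image; list problems."""
    with open(source_path, "rb") as src, open(image_path, "rb") as img:
        try:
            hdr = parse_luks1_header(src.read(PHDR.size + 8 * SLOT.size))
        except ValueError as exc:
            return ["source: %s" % exc]
        area = hdr["payload_offset"] * SECTOR  # header plus key-slot material
        src.seek(0)
        problems = []
        if img.read(area) != src.read(area):
            problems.append("header/key-slot area differs from source")
        if img.seek(0, 2) <= area:  # seek to end returns the image size
            problems.append("image ends before the encrypted payload")
        if not hdr["active_slots"]:
            problems.append("no active key slot")
    return problems

def build_sample_disk(payload=b"\xaa" * 1024):
    """Constructed sample: a minimal LUKS1-shaped disk with key slot 0 active."""
    head = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 8, 32,
                     b"", b"", 1000, b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 1000, b"", 1, 4000) + SLOT.pack(0xDEAD, 0, b"", 0, 4000) * 7
    return (head + slots).ljust(8 * SECTOR, b"\0") + payload
```

This only covers the part of the image needed to unlock it; the encrypted payload itself still needs a full checksum comparison against the source.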