On 11.09.2013 20:24, Arno Wagner wrote:
> On Wed, Sep 11, 2013 at 08:13:12PM +0200, ax487 wrote:
>> Hello all,
>>
>> I have been using LUKS for quite some time now to encrypt block devices.
>> Up to now I have always used the setup RAID1 -> Encryption -> LVM2 ->
>> filesystems.
>> Now however I want to create an encrypted Btrfs RAID1. The problem is
>> that a RAID based on Btrfs is not based on block devices. What I would
>> need is to encrypt two different partitions and then use their decrypted
>> counterparts as basis for the RAID. The problem is that I really don't
>> want to add my pass phrase multiple times and I don't like key files. I
>> realize that the 'reuse key' problem is a long-standing issue:
>>
>> https://bbs.archlinux.org/viewtopic.php?id=117152
>> https://bugzilla.redhat.com/show_bug.cgi?id=446567
>> https://www.martineve.com/2012/11/02/luks-encrypting-multiple-partitions-on-debianubuntu-with-a-single-passphrase/
>>
>> However I did not find a solution anywhere.
>> Could you tell me how to set up my system to make things work the way I
>> intend to?
>
> Easy answer: Don't use Btrfs as long as it is not finished (i.e.
> does not implement encryption). If these people think they can
> integrate multiple storage layers, they should at least have the
> most common in there and that does include encryption.

Well, I think that Btrfs is ready for a production system. The
filesystem-based approach to a RAID1 offers some advantages, as does
Btrfs in general. Also, as I have pointed out, people seem to want
reusable keys as a feature. If Btrfs becomes the new standard filesystem
on Linux there will probably be some more requests.
I might be wrong, but I assumed that reusable keys would be a feature
not too difficult to implement, most certainly much less difficult than
for the Btrfs developers to implement disk encryption from scratch.

>
> More complicated answer: There is no pre-packaged solution.
> You could do different things, e.g. make one partition LUKS
> and the other plain dm-crypt with a key derived somehow from
> the LUKS master key.

I don't know how much you know about what a RAID1 is, but that approach
pretty much defeats the entire purpose of it...

>
> Arno
>
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt