9.3 Upgrade Nightmare, Please Help!

[OrbitalCombustion]

Okay, i'm taking whoever can assist me on this out to dinner.

>> Today I unfortunately decided I wanted to upgrade from Freenas 9.2.1 to 9.3. Initially I updated via the Firmware Update function in the WebGUI, which booted my box into some frantic state which returned system access errors when trying to access logs. This forced me to install a fresh copy, and from what I was reading, I would be able to import my old volume without trouble.

Once I installed 9.3 from scratch and booted into the WebGUI to import my old volume, I discovered it was encrypted, I have the passphrase but not the encryption file. My first question is, is it possible to retrieve the encryption key from the volume, and if so, how do I do that?

 

[Bidule0hm]

Please follow the forum rules and list your hardware.

Pools don't encrypt themselves on their own...

If you've encrypted your pool you must have a backup of the recovery key for this kind of event.

 

[OrbitalCombustion]

I encrypted it with a passphrase but cannot locate the key, if and where I initially uploaded it. Is it possible to retrieve? 2.5 TB/s of data

 

[OrbitalCombustion]

I grazed an article about a directory where two keys could be extracted to unlock an AES key which would reveal the encryption file necessary to import the volume.

 

[Bidule0hm]

Did you read the manual about the encrypted volumes? especially http://doc.freenas.org/9.3/freenas_storage.html#encryption and http://doc.freenas.org/9.3/freenas_storage.html#managing-encrypted-volumes

And what is the relationship between this and the 9.3 upgrade?

 

[OrbitalCombustion]

So there is no hope. :( I don't know why I encrypted it to begin with.

 

[DrKK]

There's probably no hope.

I don't understand why people encrypt their pools. It only helps when the drives are removed. Let's say your drives fall into the wrong hands (what are the odds of that? A ha, I know what you're saying: "What if I RMA a drive?!?!!" Well then, your RMA'd drive will be the same as the other one million RMA'd drives, and no one will give a shit). But let's say someone steals your drives. Then, you'd need this sequence of events:

1) The person would have to know what a hard drive is. (4: 1 against), and THEN:
2) They'd have to care enough to mount it (25:1 against), and THEN:
3) They'd have to be competent enough to know that it's ZFS (400:1 against), and THEN:
4) Having done so, they'd have to care enough to get a ZFS environment all set up to mount your bullshit (1000:1 against), and THEN:
5) Having done so, you'd have to have material on that drive that was worth the time and effort to get this far (100000:1 against)

I think all of these numbers are quite generous, actually. The actual odds I think are worse.

Since this is a sequence of events, we can multiply out, and we get: 4*25*400*1000*100000 = 4 * 10^12. So roughly, 4 trillion to 1 that encryption will help you in any eventuality that is likely to occur.

It's not like any people have to worry about megafunded hax0rs or state entities; and if you did, you're dead anyway. Your encrypting of the pools will not help you.

Ergo: If you're encrypting your personal use pool then I personally think it's a bad move. Sure, if you're a business and have laws and regulations, or whatever, then fine. But you're not.

The downside is serious. And as far as I can ascertain, for most users, the upside is, for all interns and purposes, zero.

 

[JR Gonzalez]

Yes. I had the same exact problem when going from 9.2 to 9.3. It was solved by using the encryption backup key (which I stored on 3 different encrypted thumb drives in 3 different places for safe measure). Unfortunately... you can kiss your data goodbye without that key. At least as far as I know. Maybe someone may be able to help you if they understand GELI a bit more.

 

[jkh]

Save your money - if you don't remember backing up your encryption keys (it sounds like you don't even remember encrypting this thing?) then there's nothing that can be done. That's kind of the point of encryption - making the data extremely hard to access unless conditions are exact.

 

[OrbitalCombustion]

Cyberjock, JKH >> what occurred was I was new to FreeNAS and was tinkering around without the prospective doom of future failure. To be honest it was just music and movies which will take a while to reencode; 300 of the movies I had backed up on another RAID configuration on my network so not all is lost. In the future, I have learned, that encryption is really only for those who TRULY TRULY need it, aka = not me.