SOLVED Decrypt Pool fails: geli: Wrong key for gptid/disk_gid

atomique90

Dabbler
Joined
Jul 13, 2018
Messages
10
Hello guys,
maybe one of you has an idea for my big problem: I encrypted my disks but can't decrypt them. I saved my geli.key but FreeNAS doesn't accept it.
What I did:
  1. Encrypted the pool
  2. Saved my geli.key (copied the content to my passwordsafe)
  3. Moved the disks to a fresh install (I don't have access to the old environment anymore)
  4. Tried to import it via GUI and Shell with geli.key (no passphrase, I just have this geli.key)
Error in the GUI:
Code:
Error: Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/middlewared/job.py", line 333, in run
    await self.future
  File "/usr/local/lib/python3.6/site-packages/middlewared/job.py", line 366, in __run_body
    rv = await self.middleware.run_in_thread(self.method, *([self] + args))
  File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1004, in run_in_thread
    return await self.loop.run_in_executor(executor, functools.partial(method, *args, **kwargs))
  File "/usr/local/lib/python3.6/concurrent/futures/thread.py", line 56, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.6/site-packages/middlewared/schema.py", line 668, in nf
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/middlewared/plugins/disk.py", line 253, in decrypt
    raise CallError(f'The following devices failed to attach: {", ".join(failed)}')
middlewared.service_exception.CallError: [EFAULT] The following devices failed to attach: gptid/ae24d1a8-03b9-11ea-9421-001b21bd9510, gptid/ade387e0-03b9-11ea-9421-001b21bd9510


Error in the shell:
Code:
root@freenas[/tmp]# geli attach -p -k /tmp/geli.key /dev/gptid/ae24d1a8-03b9-11ea-9421-001b21bd9510
geli: Wrong key for gptid/ae24d1a8-03b9-11ea-9421-001b21bd9510.


What I didn't do / maybe my mistake here:
I checked the documentation and it's mentioned there that I have to disconnect and export the pool before moving to a new FreeNAS system. The problem is that I have formatted the USB stick from the first FreeNAS instance. I changed to the new system because I got some weird errors during boot that stopped after reinstalling FreeNAS onto a new SSD. Could this be a problem?

The system:
- FreeNAS 11.2 U6
- 2 Disks mirrored and encrypted

Is it possible to decrypt the pool? Is the format of my geli.key wrong maybe? I have just copied it to a file (Windows Notepad) - maybe that's the problem. Please let me know if you need further information.

Note: I also posted this issue on Reddit, but I think it's better placed in here. Please don't wonder if you see this twice!

Thank you guys for any help!

Atomique

atomique90

UPDATE:

@rs225 wrote me a private message and tried to help me out with this. The problem was that I needed to restore my VMs / datastore immediately. That's the reason I can't test out his (not tested) solution.. but it sounds really promising - maybe there is someone with the same problem out there:

The geli-key I downloaded looked like this one:

Code:
25df 620a e700 c7cd d9e2 de3a b8be 516d
f138 e900 778c fa4c 864b 6777 cf9c 20bf
dc52 121d 9fd2 6089 8f1a 6948 485f 0b23
4652 4185 8ff3 6b13 98c7 3c28 49f6 d6ee


But the key, it turns out, needs to be in the base64 format if attached via shell - like this one (just an example!):

Code:
VGhpcyBpcyBhIHNhbXBsZSBvZiBiYXNlNjQgZW5jb2RlZCB0aGluZ3MuCg==


He told me that the key needs to be exactly 64 bytes long..

The conversion command (FreeBSD):

Code:
b64decode -r bad_geli.key > test.key


Don't ask me why I downloaded a hex geli key in the GUI and need to convert it to base64 to decrypt my disks.. but that sounds like it could work. As told above.. I couldn't test it out, because I needed to restore my files from a backup (what a pity, lost 9 days because of... yea.. you know - everything turns bad at once ;) )

I hope nobody has this problem.. but if it is the case.. good luck with this!

Have a nice day!

Atomique

AND THANK YOU rs225 - that's so nice that you tried to help me out with this!!!!
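
One way to check what a saved key file actually contains before handing it to `geli attach`, as an added example that is not part of the original posts or of FreeNAS. It assumes, as relayed in the thread, that the usable key is exactly 64 raw bytes and that a text copy holds it as whitespace-separated hex or as base64; `classify_key` and the sample data are hypothetical names and constructed values.

```python
import base64
import binascii
import re
import sys

KEY_LEN = 64  # assumption taken from the thread: the key must be exactly 64 bytes
BOM = b"\xef\xbb\xbf"  # UTF-8 byte order mark that Windows editors may prepend

def _is_text(data: bytes) -> bool:
    """True if every byte is printable ASCII or whitespace."""
    return all(b in b"\t\r\n " or 0x21 <= b <= 0x7E for b in data)

def classify_key(data: bytes):
    """Return (kind, raw_key) where kind is raw, hex, base64 or unknown."""
    if len(data) == KEY_LEN and not _is_text(data):
        return "raw", data
    if data.startswith(BOM):
        data = data[len(BOM):]
    if not _is_text(data):
        return "unknown", None
    compact = re.sub(r"\s+", "", data.decode("ascii"))  # drops spaces and CRLF
    if len(compact) == KEY_LEN * 2 and re.fullmatch(r"[0-9a-fA-F]+", compact):
        return "hex", bytes.fromhex(compact)
    try:
        raw = base64.b64decode(compact, validate=True)
    except binascii.Error:
        return "unknown", None
    return ("base64", raw) if len(raw) == KEY_LEN else ("unknown", None)

# Constructed sample data (not a real key): 64 bytes, then the same bytes as a
# hex listing with CRLF line endings and a BOM, as a text editor might save it.
SAMPLE_RAW = bytes(range(0xC0, 0x100))
_h = SAMPLE_RAW.hex()
_groups = [_h[i:i + 4] for i in range(0, len(_h), 4)]
SAMPLE_HEX_TEXT = BOM + "\r\n".join(
    " ".join(_groups[i:i + 8]) for i in range(0, len(_groups), 8)
).encode("ascii")

if __name__ == "__main__":
    # Usage: script.py SAVED_KEY [OUT_FILE]; writes the 64 raw bytes if recovered.
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = SAMPLE_HEX_TEXT
    kind, key = classify_key(blob)
    print(f"detected: {kind}, usable key: {key is not None}")
    if key is not None and len(sys.argv) > 2:
        with open(sys.argv[2], "wb") as out:
            out.write(key)
```

A result of `unknown` means the file is neither 64 raw bytes nor a text encoding of 64 bytes, for example because a line was lost when the key was copied.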