SOLVED Encryption keys


CyBiS

Cadet
Joined
Jan 1, 2018
Messages
6
Sorry to dig out this old thread, but the discussion in another thread unfortunately did not clarify the questions I have regarding encryption. I have the following behaviour on my test system:
  • An encrypted volume without passphrase is unlocked and mounted automatically after a reboot.
  • An encrypted volume with passphrase is not unlocked and mounted automatically after a reboot. Manually providing either the passphrase or the recovery key unlocks and mounts it.
Am I correct to assume that for the automatic unlock and mount the recovery key is stored somewhere on the boot device regardless of whether I download the recovery key or not? If so, is the recovery key for a passphrase-protected volume stored on the boot device as well? This would compromise the security in case of physical access to the FreeNAS server.

Furthermore, the FreeNAS documentation suggests backing up both the GELI encryption key and the recovery key. The recovery key is for decrypting the encrypted volume, but what is the GELI encryption key needed for after the volume is encrypted?
 

Nick2253

Wizard
Joined
Apr 21, 2014
Messages
1,633
This would compromise the security in case of physical access to the FreeNAS server.

You're assuming that the purpose of encryption is to protect data from physical server access. However, in the typical use case, a FreeNAS server is on and serving decrypted data, and the decryption key is stored in memory, so any sufficiently sophisticated attacker could easily gain access. The real purpose of encryption is to protect data at rest, when the drives have been removed from the server and, for example, sent in for warranty repair.
 

CyBiS

Cadet
Joined
Jan 1, 2018
Messages
6
One of the major reasons why I'm considering replacing my off-the-shelf NAS with a custom-built FreeNAS is encryption. I'd like my data not to be accessible in case the server is stolen. The use case you are describing ("just" protecting the disks in case of a warranty replacement or simply a safe disk disposal) is perfectly valid and covered when applying disk encryption without a passphrase. However, with physical access to the server and proper skills a thief could still access my data.

The question is if for a passphrase protected encryption the recovery key is stored on the boot device as well? If yes, then a potential thief, again assuming a proper skill set, might recover that key. Although it is very unlikely that a FreeNAS guru is going to steal my server, it kind of defeats the purpose of encryption.

Furthermore, I'm a bit confused regarding the GELI encryption key and the recovery key. Both of them should be backed up, but I'm not sure what the encryption key is used for after the pool is already encrypted. Unfortunately the FreeNAS documentation isn't very specific about this and the FreeBSD documentation even uses a different terminology. If any of the experts here could shed some light on this topic, I'd really appreciate that.

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Furthermore, I'm a bit confused regarding the GELI encryption key and the recovery key. Both of them should be backed up, but I'm not sure what the encryption key is used for after the pool is already encrypted. Unfortunately the FreeNAS documentation isn't very specific about this and the FreeBSD documentation even uses a different terminology. If any of the experts here could shed some light on this topic, I'd really appreciate that.
GELI allows for two decryption keysets. FreeNAS uses one with key + password plus a second one with just a key.

Each of them encrypts the disk's master key, which is stored on the disk itself, in the GELI metadata (again, encrypted). Either one can be used independently, but you do need one.

I'm not sure what the encryption key is used for after the pool is already encrypted
It's symmetric encryption. The same key encrypts and decrypts. Asymmetric encryption is a very different beast, mostly only for small volumes of data (like encrypting a symmetric key that you can then send securely to someone else).
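
The two-keyset arrangement described in the post above, as an added example that is not part of the original thread and is not GELI's code or on-disk format: a simplified Python model in which one master key is wrapped twice, once under key file plus passphrase and once under a key file alone. The function names, the PBKDF2 iteration count and the SHAKE-256 keystream used as a stand-in cipher are assumptions made for illustration.

```python
import hashlib, hmac, os

def user_key(keyfile, passphrase=None, salt=b""):
    """Derive a slot's user key from a key file and an optional passphrase."""
    material = keyfile
    if passphrase is not None:
        # Stretch the passphrase; the iteration count is a constructed value.
        material += hashlib.pbkdf2_hmac("sha512", passphrase, salt, 10_000)
    return hashlib.sha512(material).digest()

def _keystream(ukey, n):
    # Stand-in cipher (assumption): SHAKE-256 keystream, not a real block cipher.
    return hashlib.shake_256(b"enc" + ukey).digest(n)

def wrap(ukey, master):
    """Encrypt the master key under a user key and append an HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(master, _keystream(ukey, len(master))))
    return ct + hmac.new(ukey, ct, hashlib.sha512).digest()

def unwrap(ukey, blob):
    """Return the master key, or None if this user key does not fit the slot."""
    ct, tag = blob[:-64], blob[-64:]
    if not hmac.compare_digest(tag, hmac.new(ukey, ct, hashlib.sha512).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(ukey, len(ct))))

def init_provider(keyfile, passphrase, recovery_keyfile):
    """Create the master key and the on-disk metadata with two wrapped copies."""
    master, salt = os.urandom(64), os.urandom(64)
    slots = [wrap(user_key(keyfile, passphrase, salt), master),     # key + passphrase
             wrap(user_key(recovery_keyfile, None, salt), master)]  # key only
    return master, {"salt": salt, "slots": slots}

def attach(meta, keyfile, passphrase=None):
    """Try the supplied credentials against every slot."""
    ukey = user_key(keyfile, passphrase, meta["salt"])
    for blob in meta["slots"]:
        master = unwrap(ukey, blob)
        if master is not None:
            return master
    return None

if __name__ == "__main__":
    key, rec = os.urandom(64), os.urandom(64)   # constructed key files
    master, meta = init_provider(key, b"example passphrase", rec)
    print(attach(meta, key, b"example passphrase") == master)  # first keyset
    print(attach(meta, rec) == master)                         # second keyset
    print(attach(meta, key) is None)                           # key file without passphrase
```

In this model the metadata holds only the salt and the two wrapped copies of the master key; neither key file nor the passphrase is part of it.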
 

CyBiS

Cadet
Joined
Jan 1, 2018
Messages
6
Thanks a lot for the feedback. Apparently I didn't use the forum search thoroughly enough, so apologies for that. Here is an excellent post by @Dusan which confirms your explanation and basically answers all the questions I had. Most importantly, the recovery key is not stored anywhere on the FreeNAS device.