Sorry to dig out this old thread but the discussion in another thread unfortunately did not clarify my questions I have regarding encryption. I have the following behaviour on my test system:
Furthermore the FreeNAS documentation suggests to backup both the GELI encryption key and the recovery key. The recovery key is for decrypting the encrypted volume but what is the GELI encryption key needed for after the volume is encrypted?
- An encrypted volume without passphrase is unlocked and mounted automatically after a reboot.
- An encrypted volume with passphrase is not unlocked and mounted automatically after a reboot. Manually providing either the passphrase or the recovery key unlocks and mounts it.
Furthermore the FreeNAS documentation suggests to backup both the GELI encryption key and the recovery key. The recovery key is for decrypting the encrypted volume but what is the GELI encryption key needed for after the volume is encrypted?