I have a number of questions on the "Managing Encrypted Volumes" function in relation to GELI. I read through the user documentation and did some research online and in forums but could not find all the answers.
1. Download Key
What exactly is the key downloaded in this action? I assume it is the geli master key secured by the geli user key (passphrase and/or key file).
What if the user hasn't secured it via either a passphrase or a key file, e.g. when the encrypted volume has just been created? In this case, is it just the plain master key?
2. Why is the Downloaded Key required when re-importing an encrypted volume? Isn't there a metadata structure on the last sector of the encrypted volume which contains the encrypted geli master key?
3. What is the recovery key? Is it related to the second encrypted master key in key slot 1 described by GELI?
4. What does encryption re-key actually do: generate a new geli master key, or re-encrypt the geli master key with a newly generated user key? If it is the first case, I assume all the data on the encrypted volume has to be decrypted with the old geli master key and re-encrypted with the new one. Is that correct?
Thanks in advance