oh NO!

Status
Not open for further replies.
Joined
Jun 30, 2013
Messages
11
I believe I may have just destroyed about 15 yrs of my digital life...

Tried for an in-place FreeNAS-9.10.2-U2 update to FreeNAS-9.10.2-U3, which failed. Its boot volume was a 4GB USB drive and didn't have enough space to complete the upgrade. I had a spare 8GB USB drive lying around and installed FreeNAS-9.10.2-U3 to this drive. Booted the FreeNAS rig with newly installed 8GB USB and uploaded the saved configuration file. Everything appeared running just fine. When I attempted the login to the SMB share of the FreeNAS volume from my desktop... Received a doesn't exist SMB error. Checked around the FreeNAS UI and noticed the volume was LOCKED. Attempted an Unlock, which failed. Started researching the issue and came to a very hard realization... I MAY have encrypted my 20TB volume of personal documents and family archive when I 1st created my FreeNAS system almost 6 months ago.

The kicker is... thinking that all was well with the updated FreeNAS install, I completely formatted the original FreeNAS USB boot device!

This is a Hail Mary post just hoping that there is something I missed before I have to break the news to my wife that I destroyed all our family photos and videos...
 

Dice

Wizard
Joined
Dec 11, 2015
Messages
1,410
Without the encryption key, there ...the situation is unfortunate.
If you have your FreeNAS config file and the encryption key backed up, you should be fine.
 
Last edited by a moderator:

Vito Reiter

Wise in the Ways of Science
Joined
Jan 18, 2017
Messages
232
If you have your FreeNAS config file and the encryption key backed up, you should be fine.

If this is your case, you'll be okay. Otherwise, stop using the original drive immediately. If this data is incredibly important to you there may be a company or even software out there that can help you out in this situation. When you encrypt volumes you always gotta make sure you have backups of backups of that encryption key. It's decently easy to recover a volume when just a boot drive fails, but a whole other level when the key is missing. Redundancy isn't a backup and if your data is the least bit important to you make sure you do occasional backups (even backups to a non-redundant target are better than nothing).
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
If you don't have the encryption keys you cannot access the data.
 

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
If you don't have your keys, then your data is inaccessible. Restore from backup.
 

Cpuroast

Dabbler
Joined
Nov 27, 2014
Messages
13
If you don't have a backup of your data or a backup of your encryption keys, the only glimmer of hope in recovering this data would be if you recovered the encryption keys from the freshly formatted original 4GB USB stick using data recovery tools or services.
It's standard ZFS on the USB stick.

If you've written a bunch of stuff to the original 4GB USB stick, that glimmer of hope pretty much gets extinguished.
 
Joined
Jun 30, 2013
Messages
11
Without the encryption key, there ...the situation is unfortunate.
If you have your FreeNAS config file and the encryption key backed up, you should be fine.

I have the config file, yes. However, I do not have backup of the encryption key...
 
Joined
Jun 30, 2013
Messages
11
If you don't have a backup of your data or a backup of your encryption keys, the only glimmer of hope in recovering this data would be if you recovered the encryption keys from the freshly formatted original 4GB USB stick using data recovery tools or services.
It's standard ZFS on the USB stick.

If you've written a bunch of stuff to the original 4GB USB stick, that glimmer of hope pretty much gets extinguished.

I wrote zeros to the USB thumb drive like a good security-conscious user! I did attempt testdisk against it and guess what... nothing!!!
 
Joined
Jun 30, 2013
Messages
11
Thank you ALL for responding. Even though this situation is quite bleak, I do feel a tad better that you all have come to my aid.

I'm wondering now, if there is a chance the encryption may be in the config file?

My Google searches suggest that as a fat chance!

If that avenue leads to the bridge-to-nowhere, then I'm guessing the only other chance for salvation is by brute forcing the encryption key. The little I know on security is that would be like looking for a specific star in the entire universe. Although, if there is a method, I would have nothing better to try. Can't really bring myself to wiping the drive and starting over... Just can't even imagine that! Please enlighten me on the above.
 
Joined
Jun 30, 2013
Messages
11
If this is your case, you'll be okay. Otherwise, stop using the original drive immediately. If this data is incredibly important to you there may be a company or even software out there that can help you out in this situation. When you encrypt volumes you always gotta make sure you have backups of backups of that encryption key. It's decently easy to recover a volume when just a boot drive fails, but a whole other level when the key is missing. Redundancy isn't a backup and if your data is the least bit important to you make sure you do occasional backups (even backups to a non-redundant target are better than nothing).

Yes, Vito. I agree that redundancy is not a backup. Disk failure was not the cause of this issue. The funny part is that I'm/was about 2-3 months savings away from buying an LTO tape drive and tape cartridges to complete my FreeNAS setup. I feel like Wile E. Coyote now. Back to the drawing board!
 

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
DO.
NOT.
ENCRYPT.
YOUR.
ZFS.
POOLS.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I'm wondering now, if there is a chance the encryption may be in the config file?
No. IMO, it should be, but that's a design decision made by the developers.
I'm guessing the only other chance for salvation is by brute forcing the encryption key.
This is effectively impossible, by design. FreeBSD uses strong encryption algorithms and long keys by design. To successfully brute-force the key with anything less than the NSA's army of supercomputers would take, at minimum, several lifetimes.
 
Joined
Jun 30, 2013
Messages
11
Are you absolutely sure? Think back, when you chose to encrypt, you would have been prompted to backup the key. Where might you have saved it?

Robert, boy! Have I thought about this... I migrated all my data from an 8TB Drobo mini to my FreeNAS setup and like a n00b I copied the encryption key to the FreeNAS volume! ALL HOPE IS LOST! I have to spend the next several lifetimes hoping for quantum computing to make instantaneous decryption a reality for the everyday man. Too bad I'll be dead by then. MAN! This is such a hard lesson to learn!
 

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
DO.
NOT.
ENCRYPT.
YOUR.
ZFS.
POOLS.
PEOPLE.
 
Joined
Jun 30, 2013
Messages
11
Robert, OMG! You made me think of something! It's a long shot by far BUT it is still something... I believe I had SpiderOak One installed on the system that temporarily held the FreeNAS encryption key when it was 1st created. I'm now wondering... what does the key look like and how can I identify it!!!! Oh my blessed Jesus, can this be the ray I hope I need? Please tell what I need to search for? A filename pattern or maybe an extension???
 

Zofoor

Patron
Joined
Aug 16, 2016
Messages
219
Usually the file name is something like geli.key

 
Joined
Dec 2, 2015
Messages
730
The key files for my offsite backup server (saved on all my computers) are geli.key and geli_recovery.key.

I chose not to encrypt my main server, at home, as the kind of person likely to break in and steal it wouldn't know anything about ZFS, so wouldn't be able to make sense of the unencrypted data from individual disks. The offsite server, where I have no control over access to the server room, is another story.

Good luck.
 
Last edited by a moderator:
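Added example, not part of any post in this thread: one way to scan a restored workstation backup for key-file candidates, using the `geli.key` / `geli_recovery.key` names given above plus a size-and-content heuristic for copies that were renamed. The 64-byte key size and the `looks_random` check are assumptions the thread does not state; compare against a known-good key file and adjust `key_size` if it differs.

```python
import fnmatch
import hashlib
import os
import tempfile
from pathlib import Path

ASSUMED_KEY_SIZE = 64  # bytes; an assumption, not stated in the thread


def looks_random(data: bytes) -> bool:
    """Key material is binary: many distinct byte values, not printable text."""
    printable = all(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return len(set(data)) >= len(data) // 2 and not printable


def find_key_candidates(root, key_size=ASSUMED_KEY_SIZE):
    """Walk root; return (relative path, reasons) pairs, strongest match first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            reasons = []
            if fnmatch.fnmatch(name.lower(), "geli*.key"):
                reasons.append("name")  # geli.key, geli_recovery.key
            try:
                if path.stat().st_size == key_size and looks_random(path.read_bytes()):
                    reasons.append("size+content")  # catches renamed copies
            except OSError:
                continue  # unreadable file in the restored tree
            if reasons:
                hits.append((path.relative_to(root).as_posix(), reasons))
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


def demo():
    """Build a constructed restore tree (no real key material) and scan it."""
    fake_key = hashlib.sha512(b"constructed sample, not a real key").digest()
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {
            "Downloads/geli.key": fake_key,
            "Desktop/nas-backup.bin": fake_key,   # renamed copy
            "Documents/notes.txt": b"x" * 64,      # right size, plain text
            "Documents/geli_recovery.key": fake_key,
        }.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return find_key_candidates(root)
```

Run `find_key_candidates()` against a read-only copy of the restored backup so the scan cannot alter the only remaining copy of a key.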
Joined
Jun 30, 2013
Messages
11
The key files for my offsite backup server (saved on all my computers) are geli.key and geli_recovery.key.

I chose not to encrypt my main server, at home, as the kind of person likely to break in and steal it wouldn't know anything about ZFS, so wouldn't be able to make sense of the unencrypted data from individual disks. The offsite server, where I have no control over access to the server room, is another story.

Good luck.

Duly noted, Kevin. My thinking is, if someone actually gained entry into my home and made off with the system and I lost physical possession of many personal documents, any garden variety burglar would see value in the resale of the hardware, but just like an Ocean's 11 movie, the "thugs" could have a nerdy operative that would enjoy the data abduction project. So encryption made sense to me for a just-in-case physical data security solution. Now, in hindsight, I probably should not watch so many movies.

No real off-site backup solution... yet, aside from the backup service mostly for workstation(s) in which I HOPE to find those precious keys. Just wish SpiderOak had created a FreeNAS plug-in and that Woody had gone straight to the police (most may not get the last reference).

I'll take the Good luck. I certainly will use it on this one!
 