Rekeying and importing encrypted volume after restoring config backup

[Pestaninha]

Hi,

Two questions on encryption:

I want to rekey my encrypted volume as I no longer trust that my geli key is safe... From the documentation, it seems to be a matter of clicking the rekey button, is that correct or do I risk losing data in the process?

Second question is harder... So, I have an encrypted pool and I want to import it after restoring a config backup. This is a clean install of freenas (the boot media died). The thing is that when importing the pool, i input the geli key and the passphrase and the GUI gives me an terror stating that it cant find the geli key. The path on the error tells me that the restore also told the GUI were to find the geli key but the information is no linger valid... Is this a known bug? How can I get around it? I had a few ideas but didn't want to mess around as I'm afraid to lose that data

Thank you

 

[dlavigne]

Did you find the answers to your questions?

 

[Pestaninha]

Did you find the answers to your questions?

Hi,

For the first one, yes... I created a new volume, encrypted it and exported the GELI key. Then I pressed the re-key button, it asks for my root password and then I exported the GELI key again and performed an md5sum just to be sure. So yeah, to re-new the key is just a matter of pressing the button and hoping everything goes well (if it displays errors, there is help on the documentation).

As for the other question, no. I decided to make a clean install and configure everything from scratch. If I have the time, I might lab this on a VM in the future and try to come up with a solution...