Hi,
can someone guide me how to create encrypted volume with AES-XTS 256 encryption algorithm ? By default, FreeNAS is using AES-XTS 128 for data when you create volume from GUI, for some compliance reasons I need to change it to AES-XTS 256.
I am trying to test this on VMWare virtual machine (1 x 16Gb disk for install and swap, 5 x 5 GB disks for data RAIDZ2). I tried to use similar workaround in FreeNAS 9.3 , but I am not sure what I achieved. Unfortunately, I do not understand GEOM geli encryption behind the scene, so can someone in short can explain to me
1) What gtpid represents ?
2) What ada represents ? Is it possible to change this encryption to AES-XTS 256 ?
3) How are they related ?
can someone guide me how to create encrypted volume with AES-XTS 256 encryption algorithm ? By default, FreeNAS is using AES-XTS 128 for data when you create volume from GUI, for some compliance reasons I need to change it to AES-XTS 256.
I am trying to test this on VMWare virtual machine (1 x 16Gb disk for install and swap, 5 x 5 GB disks for data RAIDZ2). I tried to use similar workaround in FreeNAS 9.3 , but I am not sure what I achieved. Unfortunately, I do not understand GEOM geli encryption behind the scene, so can someone in short can explain to me
1) What gtpid represents ?
2) What ada represents ? Is it possible to change this encryption to AES-XTS 256 ?
3) How are they related ?
Code:
geli status Name Status Components gptid/6150cb18-bac2-11e6-a033-000c290b314c.eli ACTIVE gptid/6150cb18-bac2-11e6-a033-000c290b314c gptid/616f2340-bac2-11e6-a033-000c290b314c.eli ACTIVE gptid/616f2340-bac2-11e6-a033-000c290b314c gptid/618c0d0d-bac2-11e6-a033-000c290b314c.eli ACTIVE gptid/618c0d0d-bac2-11e6-a033-000c290b314c gptid/61a8c021-bac2-11e6-a033-000c290b314c.eli ACTIVE gptid/61a8c021-bac2-11e6-a033-000c290b314c gptid/61c5d7e8-bac2-11e6-a033-000c290b314c.eli ACTIVE gptid/61c5d7e8-bac2-11e6-a033-000c290b314c ada0p1.eli ACTIVE ada0p1 ada1p1.eli ACTIVE ada1p1 ada2p1.eli ACTIVE ada2p1 ada3p1.eli ACTIVE ada3p1 ada4p1.eli ACTIVE ada4p1
Code:
geli list Geom name: gptid/6150cb18-bac2-11e6-a033-000c290b314c.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: NONE KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: gptid/6150cb18-bac2-11e6-a033-000c290b314c.eli Mediasize: 3221135360 (3.0G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: gptid/6150cb18-bac2-11e6-a033-000c290b314c Mediasize: 3221139456 (3.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 2147549184 Mode: r1w1e1 Geom name: gptid/616f2340-bac2-11e6-a033-000c290b314c.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: NONE KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: gptid/616f2340-bac2-11e6-a033-000c290b314c.eli Mediasize: 3221135360 (3.0G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: gptid/616f2340-bac2-11e6-a033-000c290b314c Mediasize: 3221139456 (3.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 2147549184 Mode: r1w1e1 Geom name: gptid/618c0d0d-bac2-11e6-a033-000c290b314c.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: NONE KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: gptid/618c0d0d-bac2-11e6-a033-000c290b314c.eli Mediasize: 3221135360 (3.0G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: gptid/618c0d0d-bac2-11e6-a033-000c290b314c Mediasize: 3221139456 (3.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 2147549184 Mode: r1w1e1 Geom name: gptid/61a8c021-bac2-11e6-a033-000c290b314c.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: NONE KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: gptid/61a8c021-bac2-11e6-a033-000c290b314c.eli Mediasize: 3221135360 (3.0G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: gptid/61a8c021-bac2-11e6-a033-000c290b314c Mediasize: 3221139456 (3.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 2147549184 Mode: r1w1e1 Geom name: gptid/61c5d7e8-bac2-11e6-a033-000c290b314c.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 256 Crypto: hardware Version: 7 UsedKey: 0 Flags: NONE KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: gptid/61c5d7e8-bac2-11e6-a033-000c290b314c.eli Mediasize: 3221135360 (3.0G) Sectorsize: 4096 Mode: r1w1e1 Consumers: 1. Name: gptid/61c5d7e8-bac2-11e6-a033-000c290b314c Mediasize: 3221139456 (3.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 2147549184 Mode: r1w1e1 Geom name: ada0p1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: hardware Version: 7 Flags: ONETIME, W-DETACH, W-OPEN KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: ada0p1.eli Mediasize: 2147483648 (2.0G) Sectorsize: 4096 Mode: r1w1e0 Consumers: 1. Name: ada0p1 Mediasize: 2147483648 (2.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 65536 Mode: r1w1e1 Geom name: ada1p1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: hardware Version: 7 Flags: ONETIME, W-DETACH, W-OPEN KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: ada1p1.eli Mediasize: 2147483648 (2.0G) Sectorsize: 4096 Mode: r1w1e0 Consumers: 1. Name: ada1p1 Mediasize: 2147483648 (2.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 65536 Mode: r1w1e1 Geom name: ada2p1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: hardware Version: 7 Flags: ONETIME, W-DETACH, W-OPEN KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: ada2p1.eli Mediasize: 2147483648 (2.0G) Sectorsize: 4096 Mode: r1w1e0 Consumers: 1. Name: ada2p1 Mediasize: 2147483648 (2.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 65536 Mode: r1w1e1 Geom name: ada3p1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: hardware Version: 7 Flags: ONETIME, W-DETACH, W-OPEN KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: ada3p1.eli Mediasize: 2147483648 (2.0G) Sectorsize: 4096 Mode: r1w1e0 Consumers: 1. Name: ada3p1 Mediasize: 2147483648 (2.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 65536 Mode: r1w1e1 Geom name: ada4p1.eli State: ACTIVE EncryptionAlgorithm: AES-XTS KeyLength: 128 Crypto: hardware Version: 7 Flags: ONETIME, W-DETACH, W-OPEN KeysAllocated: 1 KeysTotal: 1 Providers: 1. Name: ada4p1.eli Mediasize: 2147483648 (2.0G) Sectorsize: 4096 Mode: r1w1e0 Consumers: 1. Name: ada4p1 Mediasize: 2147483648 (2.0G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 65536 Mode: r1w1e1