Passphrase removal for encrypted pool no longer available on Freenas 11.2-U4

A

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
As the title says it, under the new GUI, the option to remove the passphrase to an encrypted volume is no longer available.
Either the feature was lost again or it is well hidden.

I remember I had this issue a few updates ago and I believe it has been reintroduced then.
For now, I was able to remove the passphrase using the legacy GUI.
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
What is the feature supposed to do? Delete the first key? Replace the first key with one that doesn't take a passphrase?
 
A

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
If you set a passphrase to an encrypted pool, you will need to enter the passphrase anytime you reboot in order to unlock the pool.
If you do not set a passphrase, upon reboot, the pool will be automatically unlocked.

By default, you can create a passphrase and later on change it to a different passphrase. The new GUI doesn't give you the ability to remove the passphrase. The old GUI does however.
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
My question is specifically whether the key that gets thrown out gets replaced with a new one (which presumably gets stored in the boot device).
 
A

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
I don't think the key gets thrown out.
If I remove the passphrase and later on decide to use the same passphrase, upon exporting and importing the pool back, I believe the GELI keys are still valid.
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Apollo said:
I don't think the key gets thrown out.
Click to expand...
It has to. Well, conceivably you could re-use the key sans the passphrase, but it's fundamentally a different secret then. I'm not sure if the cryptography holds up if you try that, because the plaintext - the master key which actually encrypts the disk - doesn't change, so you might be leaking information. But that's just me erring on the side of caution by virtue of not being a cryptographer.
 
A

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
Back to the original question, why has the passphrase removal check box been removed in the new GUI?
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
It sounds like an oversight of some sort. File a bug report and post the issue number here.
 
A

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
You must log in or register to reply here.

Similar threads

M
Error setting passphrase for encrypted pool
Replies
2
Views
812
matthew180
M
Y
  • Locked
Encrypted system suddenly requests passphrase?!
Replies
6
Views
949
Mr_N
Mr_N
Ben1010101
  • Locked
Encryption Checklist?
Replies
7
Views
4K
devnullius
devnullius
L
  • Locked
Cannot create passphrase for new pool on 11.2-BETA3
Replies
1
Views
776
Lucinde
L
M
Can't set passphrase to encrypted pool
Replies
5
Views
4K
dlavigne
D
Top