Hey Unraid-ers, I have few questions in regards encryption.
I am a long-term user of TrueCrypt then VeraCrypt for Windows but now with my Unraid array in operation I am testing few encryption scenarios with the intention to move all my VeraCrypt files to Unraid. I am testing this on another PC using 2GB USBs (otherwise it will take to long to rebuild the array and perform parity check). I setup 4 drives (2 xfs based and 2 xfs-encrypted) as I only need to encrypt less than half of my files (namely financial data, documents, etc). And if something happen to my array, I can still recover the non-encrypted portion of my array. With the encrypted files, I do make regular backup on cloud/external storage as well, so minimal chance of losing critical data.
Now I have watched the awesome Spaceinvader One's video but I am a bit uncertain on few things:
1. Can I partially encrypt my array? Will that cause any security issue?
2. I encrypted 2 usb drives with xfs-encrypted by changing the default file system to xfs-encrypted but in the Main page (GUI) after pre-clean, formatting and attaching them to the array, they still say xfs, is that a normal behaviour? Also, I don't see the padlock sign like the video.
3. I restarted and rebooted the array few times to test it, and everytime it asked me to enter the passphrase, but I can enter any/new passphrase? Is that normal? When using TC or VC, I need to enter the same passphrase.
4. If somehow, I decided to take an encrypted disk from the array, is there an application that will allow me to see and transfer the files (obviously after entering the correct passphrase) ala TC/VC?
5. I can already limit the access to the encrypted shares (let's call it "secret" share) to other PCs in my network by changing the access level in SHARES, but I can't find any feature to block users from accessing the //tower in UNRAID. A user can still see what those files are by going to //tower and run the Krusader docker. Is there a away to limit access to //tower?
Thanks in advance for reading, and if you by chance know the answer and want to reply, even more thanks!