Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array

Featured Replies

  • Community Expert

Isn’t the key file simply a text file containing the key you would otherwise enter via the GUI?    If so it should be trivial to create it manually.

  • Replies 96
  • Views 26.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • If passphrase is "grass is green" then you can create a file like this:   echo -n "grass is green" >/root/keyfile

  • Absolutely not.  Here's how it works.  There are two ways to specify an encryption key: Using a passphrase.  In this case what you type is exactly what will be used for the key, without any ne

  • Dirk_Platt
    Dirk_Platt

    I took the following approach to implement this using a free cloud solution:   1) signed up for a free account on https://sandstorm.io/  2) installed the "FileDrop"-App out of their "ap

Isn’t the key file simply a text file containing the key you would otherwise enter via the GUI?    If so it should be trivial to create it manually.
I believe there is two types. One that uses a keyfile such as an image. The other is just text file containing passphrase.



Sent from my Pixel 2 XL using Tapatalk

  • Community Expert
8 minutes ago, scubieman said:

I believe there is two types. One that uses a keyfile such as an image. The other is just text file containing passphrase.



Sent from my Pixel 2 XL using Tapatalk
 

I think they are effectively the same thing!    It is just the image variant has binary data so cannot be entered manually.    In both cases the content of the file is used as the key.

Edited by itimpi

Well, can someone check there keyfile and confirm.

 

If all i have to do is make a file with the password in it, and call it `keyfile` then thats an easy fix.

 

But seems too easy

?

 

Nobody can check their keyfile and verify?

you cant just open a texteditor and write the text there.... xDxDxDxD (as far as i know)

 

keyfile in unraid means like the whole thing (like when you open a .jpg in a texteditor)

 

I have a picture as my keyfile.

 

How to generate it out of the password itself, i guess thats something like 

 

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: For info see http://www.gnupg.org

 

-----END PGP PUBLIC KEY BLOCK-----

 

maybe write a email to limetech and ask? I link him here, mabye he sees it @limetech

Edited by nuhll

  • Community Expert
19 hours ago, 7hr08ik said:

Well, can someone check there keyfile and confirm.

 

If all i have to do is make a file with the password in it, and call it `keyfile` then thats an easy fix.

 

But seems too easy

I have checked on one of my test systems by creating an encrypted disk with a passphrase and it appears that the keyfile contents IS just the passphrase.   Note that there is no end-of-line in the file so the file terminates at the last character of my passphrase.

Ok,

 

So, opened up kate, pasted in my passphrase, saved the file as `keyfile`

Tried opening the array using the keyfile, and no dice. Won`t work

 

I gonna guess its to do with the end-of-line. But not a clue about that.

 

Also,

 

Random weirdness, after failing to unlock the array with the keyfile, I need to reboot in order for my passphrase to work.

 

Yes im using ctrl+c/ctrl+v correctly from my password manager

  • Community Expert
48 minutes ago, 7hr08ik said:

Ok,

 

So, opened up kate, pasted in my passphrase, saved the file as `keyfile`

Tried opening the array using the keyfile, and no dice. Won`t work

 

I gonna guess its to do with the end-of-line. But not a clue about that.

 

It is critical that you. do NOT have an end-of-line character present or that will be treated as part of the key.  

maybe you can use ca config editor?

10 minutes ago, itimpi said:

It is critical that you. do NOT have an end-of-line character present or that will be treated as part of the key.  

Hey,

 

I understand that I need to NOT have eol. But I just dont know how to do it. All i did was paste my passphrase into the file, click save and close.

I'll try with nano and see if that makes any difference

No luck,

 

Opened up terminal, pasted the passphrase, saved, exited

 

Rebooted server, "Wrong Encryption Key"

 

How do I make a keyfile, without an end-of-line?

  • Community Expert

I am not sure if nano will automatically add the end-of-line.   I used vi where I could control that.  

A quick check is to 'cat' the file.  If there is no end-of-line then the bash prompt ends up on the same line as the passphrase.

 

If you want the array to autostart then you are going to need to add an entry in the 'go' file to copy your saved keyfile to /root/keyfile

Edited by itimpi

Tried `cat`, and the output is all on 1 line

 

Also, vi is scary

Edited by 7hr08ik

  • Community Expert
1 minute ago, 7hr08ik said:

Tried `cat`, and the output is all on 1 line

Sounds as if the file is correct then.   Have you made sure it has been copied to /root/keyfile before trying to start the array.

3 minutes ago, 7hr08ik said:

Also, vi is scary

I agree  x but I have been using it for so long now that it's use is almost instinctual 😁

I was just using the webGUI and selecting the keyfile from my desktop, to test before i setup all the ftp.

 

Will give it a try now tho

Right, so far...

 

Created keyfile in kate + nano

    Used webUI to select keyfile from desktop through Firefox.

    Copied keyfile to /root

Checked 5 times passphrase in keyfile is definitely correct.

    End-of-line appears to be correct

For some reason, stopping the array is not enough, need to reboot server each time, to test.

    I know this because entering the normal passphrase after failed login with keyfile, will fail.

 

Surely there is a command in linux, to force print the currently used keyfile. I mean, up until 6.8.0-rc1 the keyfile was printed to /root/keyfile, and we were simply copying it to be used for this unlocking method. The new update stops emhttp from printing the file. So there`s got to be a command I can use in terminal and have the server print/create/write the keyfile it is currently using, on unlocked array, to disk so I can copy it?

 

Will setup FTP on my phone, and try the full routine from the video.

Right,

 

-Server started and unlocked using normal passphrase, through firefox

-Phone given static IP on router

-Edited go file exactly as shown

    Although unsure as to which ` ' im supposed to use around the password (tried both)

    Attempted all possible combinations of ` ' and without, IP address is correct, file path is correct (tried several different paths)

-Logs don't show any attemp to access ftp let alone failed attempts for me to debug

 

Screw it, i'll stick to passwords. This shouldn't be this damn difficult.

So the FTP can be sorted, once i know the keyfile is working.

 

But there is no keyfile for me to copy.

 

So i need to either find it, or make one.

 

Apparently making one doesnt work.

 

So how do i find it? How do i print it? How the hell does this work?

Tried manually copying the keyfile to /root

Rebooted

No luck

 

Because the keyfile that was there, is no longer there???

 

root@Hal-9000:~# cp /boot/keyfile /root/keyfile
root@Hal-9000:~# ls
keyfile  mdcmd@
root@Hal-9000:~# 
Broadcast message from root@Hal-9000 (Sun Oct 27 14:23:05 2019):

The system is going down for reboot NOW!
Connection to 192.168.1.100 closed by remote host.
Connection to 192.168.1.100 closed.
rob@pop-os:~$ ssh [email protected]
[email protected]'s password: 
Linux 5.3.7-Unraid.
root@Hal-9000:~# ls
mdcmd@
root@Hal-9000:~# 

 

So how can i test the keyfile? Has the entire keyfile process changed, and not just writing it to /root?

 

Very confused, gonna go cry in a corner and come back later

  • Community Expert

I tested it by putting a copy of the key file on the flash drive and then adding a line to the start of the ‘go’ file to copy it to /root/keyfile and that seemed to work fine.

So, in your go file you added

'cp /boot/keyfile /root/keyfile'

 

Then rebooted, and she booted up unlocked?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.