Some questions about encryption

[lixe]

Hi,

I want to encrypt my existing array and will follow the guide spaceinvaderone did some time ago (using unbalance to “clear” one drive after the other...).

 

But I’m just curious about a few things:

 

- As it seems I still need to use SSL for the WebGUI to use encryption, why exactly is this necessary?

- Do I get any problems when my cert runs out, which will be the case in about two months and I have to renew my cert (I guess the SSL cert isn’t used for the encryption itself, so a new cert won’t change anything, the only thing which is actually necessary for decrypting is my passphrase)

- Is there a way to keep the parity in sync in case something goes wrong? Of course I have a backup of my important files. My guess is that the parity drive won’t be of any help anymore after encrypting the first (empty) disk, since it isn’t completely identical to the status before (unencrpted) even if it will be “empty” before and after the encryption. So of course I could sync it again after encrypting the first disk which would give me some kind of protection for that moment being. I could then move all my files again, so the second disk is empty, but after encrypting that one my parity would be useless again until I synced it again. To cut a long story short, it seems parity won’t really help until the process of encryption is completely done, am I right? I would only have protection while moving the files from A to B?

[JonathanM]

18 minutes ago, lixe said:

Is there a way to keep the parity in sync in case something goes wrong?

If you follow the methods as written, parity stays in sync the entire time. Parity doesn't have any concept of files or file systems, encrypted or not. It only recreates bit for bit a missing drive slot by completing an equation.

[lixe]

Thanks for the quick answer!

 

So just that I get this right:

 

- I empty my frist data drive using unbalance plugin

 

- Stop the array

 

- Set the first drive to unassigned so that I can format it using unassigned devices plugin

 

- Format the first drive and assign it again

 

- Start the array and have to format the first drive, now using encryption

 

- Parity will still be in sync

 

- And then I continue with the next drive

 

So there wouldn’t be any need for New Config except I would like to skip parity for all the moving which is involved like spaceinvaderone did in his tutorial?

[itimpi]

Not quite.    You do not Unassign the drive or use the UD plugin.   After stopping the array click on the drive to select the encryption you want.    Now start the array and you are given the option to format the drive with encryption.

[lixe]

Thanks, ok, that’s even easier!

[lixe]

So I’ve emptied disk2 of my array, stopped the array, selected xfs encrypted for disk2, started the array and formatted disk2.

 

Before moving any data I did a parity check just to be sure. It’s finished now. I’ve got zero sync errors but disk2 has 152 (read) errors. I will check the cables and after that maybe do a parity check again or an extended smart check and see if the errors are gone then or if the disk is really damaged. Unraid still shows the disk as healthy... maybe it was just bad luck... what do you guys think? 

[jang430]

When you do this, and format the drive with encryption, when drive goes dead, does it mean it cannot be read by any other machine?  

[lixe]

As long as the other machine doesn’t know the encryption passphrase, it shouldn’t be possible to read the disk in any machine...

[jang430]

thanks

 

[jang430]

Hi.  After unassigning the disk, I went to delete existing xfs partition.  Selected the disk under UD plugin, assigned a password.  I then selected 'XFS encrypted.'   Formatted, provided the same password I set in UD plugin.  Assigned the drive to the array, started.  Now I see 'Unmountable: Encrypted volume present.'  Ticked on format once again at the bottom of the main page.  After Format, I see the drive has 14GB used.  File system says XFS.  Is this considered encrypted disk?  

 

What if I want to add another encrypted disk, and assign to the same share?