Thomas Klausner <w...@netbsd.org> writes: > When I pick up a cgd disk and want to use it on a NetBSD system to > which it was not connected before, what do I need? > > - the passphrase > - the /etc/cgd/foo file? > > If you need the /etc/cgd/foo file too, how do people handle those for > cgds used as backup disks?
Yes, you need the /etc/cgd/foo file because the passphrase is salted, and you might need an iv depending on iv method. IMHO this is a design bug in cgd. At least as a normal path, one should be able to access with just the passphrase. My setup is (this is for a 512-sector disk) GPT partition on disk index 2: 16384 sectors starting at 64, ffs index 1: rest of disk, cgd in index 2, newfs and then rsync all my cgd init files. in index 1, cgconfig Thus, any backup disk has the params for all of them. > The other question is that the cgd man page says that some ciphers are > obsolete. How can I switch from an obsolete cipher to a new one - is > the only method to make a new cgd with the new cipher and copy the > data manually? I believe that's the only way. I can't even figure out how to change the passphrase without doing that.
