On Thu, Feb 11, 2021 at 06:56:40PM +0000, tetrahe...@danwin1210.me wrote:
> On Sun, Jan 31, 2021 at 12:06:37PM +0100, Stefan Sperling wrote:
> > On Sun, Jan 31, 2021 at 11:47:04AM +0100, Stefan Sperling wrote:
> > > In general, crypto softraid volumes don't auto-assemble.
> >
> > I forgot that softraid volumes that use a key disk instead of a
> > passphrase will auto-assemble. Have you already tried that?
> > A disklabel slice on the USB key could act as a key disk for
> > the encrypted volume on the internal disk.
>
> I am looking at the manpage for bioctl(8) and I don't see any provision for
> either changing the passphrase of an existing encrypted disk,
Changing the passphrase can be done. From bioctl(8):
-P Change the passphrase on the selected crypto volume.
> or replacing the passphrase with a keydisk.
AFAIK that cannot be done. I agree it would be nice to have.
> Is there any way to change my existing install over to using a keydisk,
> instead of a passphrase? Or do I need to wipe everything and re-install?
Yes, wipe and reinstall is the way to go. This could be used as an
opportunity to go through the backup and restore steps required to
get the system working again after losing the key disk :)
To easily restore your installed packages after a re-install check
out the -z options of pkg_info and pkg_add. Combined with backups of
important files this makes the process not too painful.
