This is the procedure for changing the GEOM ELI (GELI) password on encrypted disks. This includes multiple disks in stripe or RAID with FreeBSD and ZFS-on-Root.
GELI password and encryption.
The default install of FreeBSD offers full disk encryption of one or more disks with GELI. The full disk encryption is seamless and simple to use. The user simply needs to type in the password on boot. If the password is correct, then the computer boots FreeBSD.
During the installation of FreeBSD, GELI generates a random master key for each disk. The master key is different on each disk. The master key is not written anywhere else than on the disk. The master key is used to encrypt data.
The GELI password is not used directly for encryption. The password is used to derive a key-encryption key (KEK) for each disk. This is also known as a user key. The user key is an encrypted copy of the master key for the disk. The same password is by default used for each user key. This is why the same password can decrypt several disks at boot.
The FreeBSD implementation of GELI support the use of an additional user key for each disk. This means, that 2 different passwords could be used. The user key does not have to be assigned to a password. It can also be assigned to a key file or both.
Backup before attempting to change password.
As always, it is adviced to have a backup of the file system, before attempting to change the password for an encrypted file system. It is also important to be certain, that the file system can be restored. Any mistake can brick the computer in an instant.
Choosing a new password.
The GELI password prompt does not in itself protect the system against brute force attacks with delay, rate limiting, lock-out nor similar protection. Instead, when the password is given, GELI applies a large number of hash iterations. This is by default tuned, so it takes an amount of time, that slows brute force down by several orders of magnitude.
For this reason, the password should meet a good balance between being a strong password, a human-friendly password and a keyboard safe password. It is important to know, that a simple password from a dictionary, such as “Pencil” in the famous movie War Games, is not a strong password and could be cracked by an offline GPU cluster.
The strengh of a password is measured in entropy, which is the amount of predictable possiblities. Low entropy can be hacked in minutes. High entropy could be impossible to hack with current and future computer power. I suggest an entropy of 100 bits or more for a GELI password. 100 bits of entropy is astronomically strong.
A strong password includes non-dictionary letters, numbers and special characters, that can be memorized. The password should also be safe, so it can be typed on a default keyboard layout. The following examples include non-dictionary letters, numbers and special characters, that can be memorized, while also being keyboard safe.
42Jamping!GaraffeYpD
now2+Tomarrowww-Vm3V
3p3NoBeech!4MedGaze?
Changing GELI password.
Changing the GELI password, that is used to decrypt each disk, is done by using the GELI utility.
In this example, the machine has a Root-on-ZFS file system, that is stored on 2 disk partition components in stripe and registered as ada0p3 and ada1p3. The new password is written to the file newpassword.txt. The new password is then used to generate a new user key for each disk.
# geli status
# vi newpassword.txt
# geli setkey -J newpassword.txt ada0p3
# geli setkey -J newpassword.txt ada1p3
The GELI password has now been changed. The old password can no longer be used to decrypt the file system.
Adding an extra GELI password.
I would generally not advice using several GELI passwords, but on critical systems, a GELI password change could be performed without deleting the original key, until the new key is tested to work. This is also true, if the new password also requires a keyfile.
In this example, the machine has 1 disk partition, that is registered as ada0p3. The extra password is written to the file extrapassword.txt. The extra password is then used to generate a new user key in slot 1 for the disk. The password and user key in slot 0 remains unchanged.
# geli status
# vi extrapassword.txt
# geli setkey -J extrapassword.txt -n 1 ada0p3
The extra GELI password has now been added. The extra password in slot 1, and the password in slot 0, can be used to decrypt the file system.
Warning: GELI metadata backup files can decrypt.
It is important to know, that a backup of GELI metadata for a disk, can be used to decrypt that disk. This is even true, if the password was changed on the disk. The reason is, that the master key never changes. Only the key-encrypted copy changes.
I do not recommend the use of GELI metadata backup files. Instead, I recommend, that an external file system backup is always available. There is a reason, that metadata corrupts. It usually means a new disk. And that means a fresh install and a restore.