On this wiki page it says:
The
-eoption controls whether or not encryption will be enabled for the storage.
The storage password is used to encrypt the
configfile only.
This sounds contradictory or at least ambiguous.
Does the -e option encrypt both the storage and the config file?
Does the -e option encrypt only the config file?
Does the -e option encrypt only the storage?
I think the wording can be clearer here.
Only config file. Storage is always encrypted with the keys located in the config file. If you don’t encrypt your config file anyone can read encryption keys from it and decrypt your storage.
So the wording seems accurate.
From the user perspective, not specifying -e leave storage world readable. The second sentence explains implementation detail.
Thanks, that helps.
I thought the password was the decryption key for the storage. But you are saying it only encrypts the config file which in turn contains decryption keys for the storage. Correct?
In that case what happens if the config file is lost? Backup kapoof?