[SGVLUG] resize encrypted filesystem

Emerson, Tom Tom.Emerson at wbconsultant.com
Tue Oct 10 17:18:21 PDT 2006


> -----Original Message----- Of Claude Felizardo
> 
> Anyone know if it is possible to resize an encrypted 
> filesystem in place?

I suspect not, and you've almost found out why...
 
[...]
> Everything that I can find says to copy the data to another 
> area, do a destructive resize, recreate the encrypted 
> filesystem and then copy the data back.

I'll agree with this (more in a moment)

> ... I've got the data backed up on an external disk but

If it's backed up, then it sounds like you've already accomplished step
1 above (copy to...) -- is this external disk ALSO encrypted?

> I'd prefer to do it all in place w/o having to leave an 
> unprotected copy of the files lying about.

Nothing in the above suggestion says the "copy" has to be unprotected --
it just says to copy "to another area" -- that "other area" can be
encrypted as well...

Other than speed, since you already have a copy, why the concern over
doing this "in place"?  (unless you maybe don't trust the copy?)

My take on why resizing "encrypted" partitions will trash data: in
modern file systems, "formatting" amounts to writing the underlying
"structure" of the file system to disk (directories and inodes,
mainly...)  since the "disk" is encrypted, you have to write these
"structural marks" in an encrypted fashion, and that is done by virtue
of the fact you're going through the encrypted "device driver".

When you RESIZE a partition, however, the reads and writes go against
the DEVICE itself, not "through the driver", and as such you'll end up
reading pointers that are "just plain wrong" (encrypted) or worse,
attempting to re-write data in a different location, which will
totally hose up the encryption "stream" (since a good encryption system
will encode the same "original" sequence differently each time it
appears, merely because it appears "later" in the stream, decrypting
things out-of-seuqnece will be really bad).

(and yes, I know I've hosed up a word there -- I wanted to cite the
tidbit / funny joke about how humans can reliably read entire paragraphs
where every word is 'munged', though keeping the first & last letter
"correct", but for some reason searching for "every word is misspelled"
doesn't seem to find it when, in fact, "ervey wrod IS msilpesled" in the
document...)

[[ummm.... >DUH< -- I had to actually search for "ervey wrod" (and
uncorrect the auto-correction) in order to find it -- it's EVERYWHERE --
I even went to "page 35" of the results and still saw the same excerpt!]
(google had collapsed the results by then, but I've digressed...)

Does this make sense now?
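
The position dependence described in the message above, as an added example that is not part of the original post: a toy per-sector cipher showing that ciphertext copied on the raw device to a new sector no longer decrypts, while the same move made through the encrypting layer does. The SHA-256 keystream XOR is a stand-in for a real disk cipher, and every name, the key and the sample data are constructed for illustration.

```python
import hashlib

SECTOR = 32  # toy sector size in bytes (assumption; real disks use 512 or 4096)

def keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Derive a keystream that depends on the key AND the sector number."""
    out, counter = b"", 0
    while len(out) < length:
        seed = key + sector_no.to_bytes(8, "little") + counter.to_bytes(4, "little")
        out += hashlib.sha256(seed).digest()
        counter += 1
    return out[:length]

def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """XOR with the per-sector keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no, len(data))))

class EncryptedDevice:
    """Mapped view of a raw device: every read and write passes through the cipher."""
    def __init__(self, raw: bytearray, key: bytes):
        self.raw, self.key = raw, key

    def read(self, n: int) -> bytes:
        return crypt_sector(self.key, n, bytes(self.raw[n * SECTOR:(n + 1) * SECTOR]))

    def write(self, n: int, plain: bytes) -> None:
        self.raw[n * SECTOR:(n + 1) * SECTOR] = crypt_sector(self.key, n, plain)

def move_raw(raw: bytearray, src: int, dst: int) -> None:
    """Relocate a sector on the raw device, the way a tool unaware of the cipher would."""
    raw[dst * SECTOR:(dst + 1) * SECTOR] = raw[src * SECTOR:(src + 1) * SECTOR]

def move_mapped(dev: EncryptedDevice, src: int, dst: int) -> None:
    """Relocate a sector through the mapped device: decrypt at src, re-encrypt at dst."""
    dev.write(dst, dev.read(src))

def demo():
    raw = bytearray(SECTOR * 4)                      # constructed 4-sector "disk"
    dev = EncryptedDevice(raw, b"constructed-demo-key")
    block = b"inode table: constructed sample".ljust(SECTOR, b".")
    dev.write(0, block)
    move_raw(raw, 0, 2)        # ciphertext moved without re-encryption
    move_mapped(dev, 0, 3)     # plaintext moved through the cipher layer
    same_ct = raw[0:SECTOR] == raw[3 * SECTOR:4 * SECTOR]
    return block, dev.read(2), dev.read(3), same_ct

if __name__ == "__main__":
    block, raw_moved, mapped_moved, same_ct = demo()
    print("raw move readable:   ", raw_moved == block)
    print("mapped move readable:", mapped_moved == block)
    print("identical ciphertext for identical plaintext:", same_ct)
```

Sectors 0 and 3 hold the same plaintext but different ciphertext, which is why relocation has to go through the layer that knows the sector number.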



