ReadyNAS 6.1 volume encryption

In my opinion :

you must destroy the current volume then create a new one and it should ask you if you want to encrypt the volume

Thanks for the reply.

I'm using RN102 and only have one raid 1 volume which was created by during system initialization.
The "Destroy" button of that volume is grey and disabled.

It seems to me that ReadyNAS OS doesn't allow you to destroy the only volume.
I'm not sure if there's encryption option if I do a factory reset.

You need to disable X-RAID (Click the X-RAID button). Then you can destroy the volume (do make sure you backup any data you want to keep first as destroying the volume wipes all data).

Thanks and it works.
I turned OFF the X-RAID, destroy the drive, and able to turn ON encryption for new created volume.

The X-RAID could be turned on again after the encryption but I'm not sure if it really works. :|

Do I need to plug-in the USB (with key) all the time for the encrypted drive?
I try ejecting the USB and the encrypted drive is still working. Not sure if it's because of caching.

I think you must have the USB Key connected at reboot or it won't work at reboot. Not sure, but if you can boot the unit without the key why encrypt the volume ?

You must always attach the USB Key with encrypted key file in order to mount the volume. :) Also do not lose that key file

More try-and-error today. :lol:

Summary:

1) Reboot RN102 without the USB key, fail to connect the server via web interface
2) Plug-in the USB key (without reboot again), the start-up process continues with no issue.
3) Once it started up, I try ejecting the key again. Everything still works.

Just for testing purpose. Surely it would be more stable with USB key plugged in all the time.

yarix wrote:
Surely it would be more stable with USB key plugged in all the time.

But wouldn't that defeat the purpose of encryption?

fastfwd wrote:
But wouldn't that defeat the purpose of encryption?

Not necessarily. Your purpose might be to ensure that when a drive is replaced the data cannot be compromised.

If your purpose is to prevent data compromise if the unit is stolen, then leaving the USB key in all the time could also work. It depends on how Netgear set it up.

For instance, perhaps the data on the key is itself encrypted with public key encryption and that the ReadyNAS bios or OS6 decrypts that data to obtain the real decryption key for the volume. Since the key only works in a ReadyNAS, it could not be used to access your data in another system (PC, etc). The password/access controls on the shares and admin interface would protect your data from access if drives are in the ReadyNAS (even if the bad guy has the USB key). NOTE - this is a hypothetical. I don't know if Netgear used this kind of approach or not.

It would be helpful if Netgear gave more information on how the encryption is implemented. That would allow admins to do their own threat analysis, and in some cases, allow them to assess if the approach lets them meet regulatory requirements (such as HIPAA compliance in the US).

Personally I would prefer to choose. I would like to be able to mount the encrypted drive via the admin page pasting the key in!!