Message-ID: <478A93D4.3030200@vwsoft.com>
Date: Sun, 13 Jan 2008 23:42:28 +0100
From: Volker
To: freebsd-geom@freebsd.org
Subject: geli(8) manpage

Hi!

quote from geli(8):

You are the security-person in your company. Create an encrypted provider for use by the user, but remember that users forget their passphrases, so back Master Key up with your own random key:

	# dd if=/dev/random of=/mnt/pendrive/keys/`hostname` bs=64 count=1
	# geli init -P -K /mnt/pendrive/keys/`hostname` /dev/ad0s1e
	# geli backup /dev/ad0s1e /mnt/pendrive/backups/`hostname`
	(use key number 0, so the encrypted Master Key by you will be overwritten)
	# geli setkey -n 0 -k /mnt/pendrive/keys/`hostname` /dev/ad0s1e
	(allow the user to enter his passphrase)
	Enter new passphrase:
	Reenter new passphrase:

/quote

When trying this scenario, geli complains about the "setkey -n 0" command with "geli: Missing -p flag."

All works well with the -p flag, so I guess the manpage is wrong here?

Volker