From owner-freebsd-geom@FreeBSD.ORG Sun Dec 23 21:02:26 2012
Date: Sun, 23 Dec 2012 22:02:22 +0100
From: Pawel Jakub Dawidek
To: Блогер
Subject: Re: keyfile on another HDD.
Message-ID: <20121223210221.GB1436@garage.freebsd.pl>
Cc: freebsd-geom@freebsd.org

On Sat, Dec 22, 2012 at 02:40:28PM +0300, Блогер wrote:
> Is it possible to read key file from another HDD with FAT16 during
> system boot?

I assume you are asking for GELI disk encryption?

It depends which stage in the boot process we are talking about.
If you would like to read key from a file for partition, which holds root file
system (so you need the key after the kernel is loaded, but before root
file system is mounted) then no, it is not currently possible. Key can
be read only from the file system the kernel was loaded and I don't
believe we can boot FreeBSD from FAT16.

If you would like to read key after root is mounted, then it should be
possible. Your FAT16 file system just needs to be mounted before
/etc/rc.d/geli script is executed.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl

From owner-freebsd-geom@FreeBSD.ORG Mon Dec 24 11:06:42 2012
Date: Mon, 24 Dec 2012 11:06:42 GMT
Message-Id: <201212241106.qBOB6gnY066026@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-geom@FreeBSD.org
Subject: Current problem reports assigned to freebsd-geom@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/171865  geom   [geom] [patch] g_wither_washer() keeping a core busy
o kern/170038  geom   [geom] geom_mirror always starts degraded after reboot
o kern/169539  geom   [geom] [patch] fix ability to run gmirror on MSI MegaR
a bin/169077   geom   bsdinstall(8) does not use partition labels in /etc/fs
f kern/165745  geom   [geom] geom_multipath page fault on removed drive
o kern/165428  geom   [glabel][patch] Add xfs support to glabel
o kern/164254  geom   [geom] gjournal not stopping on GPT partitions
o kern/164252  geom   [geom] gjournal overflow
o kern/164143  geom   [geom] Partition table not recognized after upgrade R8
a kern/163020  geom   [geli] [patch] enable the Camellia-XTS on GEOM ELI
o kern/162690  geom   [geom] gpart label changes only take effect after a re
o kern/162010  geom   [geli] panic: Provider's error should be set (error=0)
o kern/161979  geom   [geom] glabel doesn't update after newfs, and glabel s
o kern/161752  geom   [geom] glabel(8) doesn't get gpt label change
o bin/161677   geom   gpart(8) Probably bug in gptboot
o kern/160562  geom   [geom][patch] Allow to insert new component to geom_ra
o kern/160409  geom   [geli] failed to attach provider
f kern/159595  geom   [geom] [panic] panic on gmirror unload in vbox [regres
f kern/159414  geom   [isp] isp(4)+gmultipath(8) : removing active fiber pat
p kern/158398  geom   [headers] [patch] includes
o kern/158197  geom   [geom] geom_cache with size>1000 leads to panics
o kern/157879  geom   [libgeom] [regression] ABI change without version bump
o kern/157863  geom   [geli] kbdmux prevents geli passwords from being enter
o kern/157739  geom   [geom] GPT labels with geom_multipath
o kern/157724  geom   [geom] gpart(8) 'add' command must preserve gap for sc
o kern/157723  geom   [geom] GEOM should not process 'c' (raw) partitions fo
o kern/157108  geom   [gjournal] dumpon(8) fails on gjournal providers
o kern/155994  geom   [geom] Long "Suspend time" when reading large files fr
o kern/154226  geom   [geom] GEOM label does not change when you modify them
o kern/150858  geom   [geom] [geom_label] [patch] glabel(8) is not compatibl
o kern/150626  geom   [geom] [gjournal] gjournal(8) destroys label
o kern/150555  geom   [geom] gjournal unusable on GPT partitions
o kern/150334  geom   [geom] [udf] [patch] geom label does not support UDF
o kern/149762  geom   volume labels with rogue characters
o bin/149215   geom   [panic] [geom_part] gpart(8): Delete linux's slice via
o kern/147667  geom   [gmirror] Booting with one component of a gmirror, the
o kern/145818  geom   [geom] geom_stat_open showing cached information for n
o kern/145042  geom   [geom] System stops booting after printing message "GE
o kern/143455  geom   gstripe(8) in RELENG_8 (31st Jan 2010) broken
o kern/142563  geom   [geom] [hang] ioctl freeze in zpool
o kern/141740  geom   [geom] gjournal(8): g_journal_destroy concurrent error
o kern/140352  geom   [geom] gjournal + glabel not working
o kern/135898  geom   [geom] Severe filesystem corruption - large files or l
o kern/134113  geom   [geli] Problem setting secondary GELI key
o kern/133931  geom   [geli] [request] intentionally wrong password to destr
o bin/132845   geom   [geom] [patch] ggated(8) does not close files opened a
o bin/131415   geom   [geli] keystrokes are unregulary sent to Geli when typ
o kern/131353  geom   [geom] gjournal(8) kernel lock
o kern/129674  geom   [geom] gjournal root did not mount on boot
o kern/129645  geom   gjournal(8): GEOM_JOURNAL causes system to fail to boo
o kern/129245  geom   [geom] gcache is more suitable for suffix based provid
o kern/127420  geom   [geom] [gjournal] [panic] Journal overflow on gmirrore
o kern/124973  geom   [gjournal] [patch] boot order affects geom_journal con
o kern/124969  geom   gvinum(8): gvinum raid5 plex does not detect missing s
o kern/123962  geom   [panic] [gjournal] gjournal (455Gb data, 8Gb journal),
o kern/123122  geom   [geom] GEOM / gjournal kernel lock
o kern/122738  geom   [geom] gmirror list "losts consumers" after gmirror de
o kern/122067  geom   [geom] [panic] Geom crashed during boot
o kern/121364  geom   [gmirror] Removing all providers create a "zombie" mir
o kern/120091  geom   [geom] [geli] [gjournal] geli does not prompt for pass
o kern/115856  geom   [geli] ZFS thought it was degraded when it should have
o kern/115547  geom   [geom] [patch] [request] let GEOM Eli get password fro
f kern/113957  geom   [gmirror] gmirror is intermittently reporting a degrad
o kern/113837  geom   [geom] unable to access 1024 sector size storage
o kern/113419  geom   [geom] geom fox multipathing not failing back
o kern/107707  geom   [geom] [patch] [request] add new class geom_xbox360 to
o kern/94632   geom   [geom] Kernel output resets input while GELI asks for
o kern/90582   geom   [geom] [panic] Restore cause panic string (ffs_blkfree
o bin/90093    geom   fdisk(8) incapable of altering in-core geometry
o kern/87544   geom   [gbde] mmaping large files on a gbde filesystem deadlo
o bin/86388    geom   [geom] [geom_part] periodic(8) daily should backup gpa
o kern/84556   geom   [geom] [panic] GBDE-encrypted swap causes panic at shu
o kern/79251   geom   [2TB] newfs fails on 2.6TB gbde device
o kern/79035   geom   [vinum] gvinum unable to create a striped set of mirro
o bin/78131    geom   gbde(8) "destroy" not working.

75 problems total.
From owner-freebsd-geom@FreeBSD.ORG Mon Dec 24 08:38:38 2012
Date: Mon, 24 Dec 2012 11:37:33 +0300
From: Блогер
To: freebsd-geom@freebsd.org
Subject: Re: keyfile on another HDD.
Message-ID: <2d5SYIH22zk1d03YPSv42Dfa@ngs.ru>
References: <20121223210221.GB1436@garage.freebsd.pl>
In-Reply-To: <20121223210221.GB1436@garage.freebsd.pl>

In reply to the message from comrade Pawel Jakub Dawidek,
dated 2012-12-23 22:02:

> > Is it possible to read key file from another HDD with FAT16 during
> > system boot?
>
> I assume you are asking for GELI disk encryption?
Sure. I'm sorry, I miss important information. I'm talking about
encrypted with GELI root file system.

> would like to read key from a file for partition, which holds root file
> system (so you need the key after the kernel is loaded, but before root
> file system is mounted) then no, it is not currently possible. Key can
:-(

-- 
 () ASCII Ribbon campaign - against e-mail in HTML format
 /\ www.asciiribbon.org   - against proprietary attachments

From owner-freebsd-geom@FreeBSD.ORG Mon Dec 24 15:05:29 2012
Date: Mon, 24 Dec 2012 17:05:21 +0200
From: Alaksiej Carniajeu
Subject: Re: keyfile on another HDD.
Cc: freebsd-geom@freebsd.org

2012/12/22 Блогер:
> Is it possible to read key file from another HDD with FAT16 during
> system boot?
>

Why do you want it (if it's not a big secret)?

From owner-freebsd-geom@FreeBSD.ORG Mon Dec 24 17:59:31 2012
Date: Mon, 24 Dec 2012 09:59:23 -0800
From: John-Mark Gurney
To: Блогер
Subject: Re: keyfile on another HDD.
Message-ID: <20121224175923.GM1563@funkthat.com>
References: <20121223210221.GB1436@garage.freebsd.pl> <2d5SYIH22zk1d03YPSv42Dfa@ngs.ru>
In-Reply-To: <2d5SYIH22zk1d03YPSv42Dfa@ngs.ru>
Cc: freebsd-geom@freebsd.org

Блогер wrote this message on Mon, Dec 24, 2012 at 11:37 +0300:
> In reply to the message from comrade Pawel Jakub Dawidek,
> dated 2012-12-23 22:02:
>
> > > Is it possible to read key file from another HDD with FAT16 during
> > > system boot?
> >
> > I assume you are asking for GELI disk encryption?
> Sure. I'm sorry, I miss important information. I'm talking about
> encrypted with GELI root file system.

I was looking at this earlier this year. It is true that w/ how FreeBSD
is currently, you cannot load key files from another disk, but I believe
that with enough hacking, you can fix up the loader scripts to support
it...

The thing is, loader can do pretty much what you want, when you want
it... It should be possible, after the kernel is loaded, to set the
curdev field to your key file disk, load the keyfiles, and then possibly
set curdev back to your root file system (so that rootdev is correct),
and then boot... The hard part will be making it happen automatically...

I've not tried this myself, but I have in the past done strange things
like this to get kernel modules from another device loaded, and keyfiles
are similar...

> > would like to read key from a file for partition, which holds root file
> > system (so you need the key after the kernel is loaded, but before root
> > file system is mounted) then no, it is not currently possible. Key can
> :-(

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

From owner-freebsd-geom@FreeBSD.ORG Mon Dec 24 20:46:39 2012
Date: Mon, 24 Dec 2012 23:42:22 +0300
From: Блогер
To: freebsd-geom@freebsd.org
Subject: Re: keyfile on another HDD.
Message-ID: <28wriS8X933a6ogk9D6qhL8f@ngs.ru>

In reply to the message from comrade Alaksiej Carniajeu,
dated 2012-12-24 17:05:

> > Is it possible to read key file from another HDD with FAT16 during
> > system boot?
>
> Why do you want it (if it's not a big secret)?
For security and practical reason. It will be more easy to hide and copy
back (make available) my key when I need it.

I have another question: how long (in bytes) can be geli key file?

-- 
 () ASCII Ribbon campaign - against e-mail in HTML format
 /\ www.asciiribbon.org   - against proprietary attachments

From owner-freebsd-geom@FreeBSD.ORG Fri Dec 28 12:59:28 2012
Date: Fri, 28 Dec 2012 13:59:32 +0100
From: Pawel Jakub Dawidek
To: Блогер
Subject: Re: keyfile on another HDD.
Message-ID: <20121228125931.GB5028@garage.freebsd.pl>
References: <28wriS8X933a6ogk9D6qhL8f@ngs.ru>
In-Reply-To: <28wriS8X933a6ogk9D6qhL8f@ngs.ru>
Cc: freebsd-geom@freebsd.org

On Mon, Dec 24, 2012 at 11:42:22PM +0300, Блогер wrote:
> In reply to the message from comrade Alaksiej Carniajeu,
> dated 2012-12-24 17:05:
>
> > > Is it possible to read key file from another HDD with FAT16 during
> > > system boot?
> >
> > Why do you want it (if it's not a big secret)?
> For security and practical reason. It will be more easy to hide and copy
> back (make available) my key when I need it.
>
> I have another question: how long (in bytes) can be geli key file?

There is no limit on keyfile size. geli(8) reads entire thing and adds
everything to HMAC along the way.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
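
Added example (not part of the thread and not geli(8) source code): the last reply says the keyfile is read whole and fed into an HMAC, which is why its size is unbounded. The code below streams constructed keyfiles of very different sizes through one HMAC context and always gets a fixed-length result. HMAC-SHA512, the HMAC key, the chunk size and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024  # assumed read size; the digest does not depend on it


def fold_keyfiles(paths, hmac_key, chunk=CHUNK):
    """Stream every keyfile, in order, into one HMAC-SHA512 context.

    Memory use stays at one chunk, so file size is unbounded, and the
    result is always 64 bytes. hmac_key is a constructed demo value.
    """
    ctx = hmac.new(hmac_key, digestmod=hashlib.sha512)
    for path in paths:
        with open(path, "rb") as fh:
            # read() returns b"" at end of file, which stops the iterator
            for block in iter(lambda: fh.read(chunk), b""):
                ctx.update(block)
    return ctx.digest()


def demo():
    """Build constructed keyfiles of very different sizes and compare."""
    key = b"constructed-demo-hmac-key"
    with tempfile.TemporaryDirectory() as tmp:
        small = os.path.join(tmp, "small.key")
        large = os.path.join(tmp, "large.key")
        flipped = os.path.join(tmp, "flipped.key")
        big = os.urandom(300 * 1024 + 7)          # spans several chunks
        with open(small, "wb") as fh:
            fh.write(b"\x01")                     # 1-byte keyfile
        with open(large, "wb") as fh:
            fh.write(big)
        with open(flipped, "wb") as fh:           # differs in one bit only
            fh.write(big[:-1] + bytes([big[-1] ^ 0x01]))
        return {
            "small": fold_keyfiles([small], key),
            "large": fold_keyfiles([large], key),
            "flipped": fold_keyfiles([flipped], key),
            "large_tiny_chunks": fold_keyfiles([large], key, chunk=4096),
            "one_shot": hmac.new(key, big, hashlib.sha512).digest(),
            "small_then_large": fold_keyfiles([small, large], key),
            "large_then_small": fold_keyfiles([large, small], key),
        }


if __name__ == "__main__":
    for name, digest in demo().items():
        print(f"{name:18} {len(digest)} bytes  {digest.hex()[:16]}...")
```

Because every byte is mixed in, a keyfile that differs in a single bit, or keyfiles supplied in a different order, produce unrelated output.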