Date:      Tue, 27 Sep 2016 16:16:13 +0200
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        Shamim Shahriar <shamim.shahriar@gmail.com>
Cc:        "freebsd-questions@FreeBSD.org" <freebsd-questions@freebsd.org>
Subject:   Re: geli setkey n 1 anomaly :: or am I missing something
Message-ID:  <20160927161613.38d87336@fabiankeil.de>
In-Reply-To: <CAOyJeZS38K5tHMhqu-q8rBZ%2BY43dJmCkgdqVLKbqmLx_R8xcEg@mail.gmail.com>
References:  <CAOyJeZTv6pawc4Uggk7bNb1ATa0mS-usw_c4G=5qW-n-Vqv8VQ@mail.gmail.com> <CAOyJeZS38K5tHMhqu-q8rBZ%2BY43dJmCkgdqVLKbqmLx_R8xcEg@mail.gmail.com>


Shamim Shahriar <shamim.shahriar@gmail.com> wrote:

> Good afternoon all, I am having some difficulty with geli. I am trying to
> set up an encrypted provider for my users, using the setkey feature, but it
> is not working.
>
> system: FreeBSD 11-RC3
>
> from the man page
>      Create an encrypted provider, but use two User Keys: one for your
>      employee and one for you as the company's security officer (so it is not
>      a tragedy if the employee "accidentally" forgets his passphrase):
>
>            # geli init /dev/da2
>            Enter new passphrase:   (enter security officer's passphrase)
>            Reenter new passphrase:
>            # geli setkey -n 1 /dev/da2
>            Enter passphrase:       (enter security officer's passphrase)
>            Enter new passphrase:   (let your employee enter his passphrase ...)
>            Reenter new passphrase: (... twice)
>
> Following this path, I have encrypted a provider, ada0p4
>
> # geli init -e aes-xts -l 256 -K geli.key /dev/ada0p4
>
> Enter new passphrase:   # I enter my passphrase
> Reenter new passphrase: # I re-enter my passphrase
>
> all is good.
>
> Now, I am trying to set up the passphrase for the colleague
> # geli setkey n 1 -k geli.key /dev/ada0p4
> Enter passphrase:       # entered my passphrase
> Enter new passphrase:   # entered colleague's passphrase
> Reenter new passphrase: # re-entered colleague's passphrase

You probably meant to add "-K geli.key" to also
use a keyfile for the second slot.

> As I try to attach using colleague's passphrase, I get a Wrong key error.
> My key works fine.
>
> # geli attach -k geli.key /dev/ada0p4
> Enter passphrase:   # I put colleague's passphrase
> Wrong key

This is expected as no keyfile has been configured
for the second slot.

Fabian

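Added example, not part of the original message and not geli's own code: a simplified Python model of why the attach in this thread reports "Wrong key". It assumes, as geli(8) describes, that a User Key is built from a passphrase component and an optional keyfile component; the Provider class, the XOR wrapping, the iteration count and all sample values are constructed for illustration.

```python
import hashlib, hmac, os

def user_key(passphrase, keyfile, salt):
    # Mix both User Key components; keyfile=b"" models an omitted -k/-K.
    mac = hmac.new(b"", digestmod=hashlib.sha512)
    mac.update(keyfile)
    mac.update(hashlib.pbkdf2_hmac("sha512", passphrase, salt, 1000))
    return mac.digest()

def tag(ukey, blob):
    return hmac.new(ukey, blob, hashlib.sha512).digest()

class Provider:
    """Toy provider: one Master Key, two slots each wrapping it under a User Key."""
    def __init__(self):
        self.salt, self.master = os.urandom(64), os.urandom(64)
        self.slots = [None, None]

    def setkey(self, n, passphrase, new_keyfile=b""):
        # Authentication with the current key is left out of the model.
        ukey = user_key(passphrase, new_keyfile, self.salt)
        wrapped = bytes(a ^ b for a, b in zip(self.master, ukey))  # toy wrap
        self.slots[n] = (wrapped, tag(ukey, wrapped))

    def attach(self, passphrase, keyfile=b""):
        ukey = user_key(passphrase, keyfile, self.salt)
        for n, slot in enumerate(self.slots):
            if slot and hmac.compare_digest(slot[1], tag(ukey, slot[0])):
                return n
        return "Wrong key"

def replay(fixed):
    keyfile = b"constructed keyfile contents"
    p = Provider()
    p.setkey(0, b"officer passphrase", keyfile)            # init -K geli.key
    # Slot 1 as in the thread (no -K), or with the suggested -K geli.key.
    p.setkey(1, b"colleague passphrase", keyfile if fixed else b"")
    return (p.attach(b"officer passphrase", keyfile),
            p.attach(b"colleague passphrase", keyfile),    # attach -k geli.key
            p.attach(b"colleague passphrase"))             # passphrase only

if __name__ == "__main__":
    print("as in thread:", replay(fixed=False))
    print("with -K:     ", replay(fixed=True))
```

In the model, the slot written without a keyfile only opens when the keyfile is also left out at attach time; once the new key is set with the keyfile, the colleague's passphrase works together with `-k geli.key`.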



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160927161613.38d87336>