Date: Fri, 17 Feb 2023 14:52:06 -0800 From: Mel Pilgrim <list_freebsd@bluerosetech.com> To: grarpamp <grarpamp@gmail.com>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli Message-ID: <88b49b58-d6af-0ea1-dd74-b44c5842c2fc@bluerosetech.com> In-Reply-To: <CAD2Ti2-K7LeWWSRas_G3pB56V5qApn7cPr37hQDb%2Br-wCpm6MA@mail.gmail.com> References: <20230208190833.1DF6F8824@freefall.freebsd.org> <d9a388ec-4e29-1423-e168-3d05c310e099@bluerosetech.com> <CAGOYWV_26qGLPO%2BZNL6N8p57JhguU=heYQ3ejQqqvFJzYXwv-A@mail.gmail.com> <86f2e6b1-aeef-2472-eeb2-42bee64ac812@bluerosetech.com> <CAD2Ti2-K7LeWWSRas_G3pB56V5qApn7cPr37hQDb%2Br-wCpm6MA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2023-02-16 17:27, grarpamp wrote: > On 2/15/23, Mel Pilgrim <list_freebsd@bluerosetech.com> wrote: >> # echo -n | geli attach -C -p -k - gpt/zdata15 >> geli: Wrong key for gpt/zdata15. >> geli: There was an error with at least one provider. > > That test failed so the "empty" or "NULL" key (aka "echo -n") > is not the key. These should not work either > > printf '' | geli > printf '\000' > printf '\n' > printf ' ' > printf 'notthekey' > > and only > > cat /path/to/your/keyfile | geli > > should work. Thank you for the clarification. I tested all of my geli devices and indeed anything I try other than the correct keyfile for that device produces that error so I'm assuming that means I don't need to re-crypt things.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?88b49b58-d6af-0ea1-dd74-b44c5842c2fc>