From: Vinny
To: User Questions
Date: Fri, 19 Sep 2008 22:27:36 -0400
Subject: geli authentication algo and newfs weirdness
Message-ID: <48D45F98.6030504@palaceofretention.ca>

Hello Everyone,

I've been reading up on geli and decided I wanted to use data
authentication. This involves the -a switch on the geli init command.

Here's what I've found:

=====
No authentication (the disk size is correct @ 152G):

the/root{143}~# geli init da1
Enter new passphrase:
Reenter new passphrase:
the/root{144}~# geli attach da1
Enter passphrase:
the/root{147}~# newfs -N /dev/da1.eli
/dev/da1.eli: 152627.8MB (312581804 sectors) block size 16384, fragment size 2048
using 831 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
160, 376512, 752864, ...

the/root{148}~# newfs /dev/da1.eli
/dev/da1.eli: 152627.8MB (312581804 sectors) block size 16384, fragment size 2048
using 831 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
160, 376512, 752864, 1129216, ...

=====
With hmac/sha256 (or any other) authentication (small disk size 76G):

the/root{156}~# geli init -a hmac/sha256 /dev/da1
Enter new passphrase:
Reenter new passphrase:
the/root{157}~#
the/root{157}~# geli attach da1
Enter passphrase:
the/root{159}~# newfs -N /dev/da1.eli
/dev/da1.eli: 76313.9MB (156290900 sectors) block size 16384, fragment size 2048
using 416 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
160, 376512, 752864, ...

the/root{163}~# newfs /dev/da1.eli
/dev/da1.eli: 76313.9MB (156290900 sectors) block size 16384, fragment size 2048
using 416 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
newfs: can't read old UFS1 superblock: read error from block device: Invalid argument

the/root{110}~# geli dump -v da1
Metadata on da1:
magic: GEOM::ELI
version: 3
flags: 0x10
ealgo: AES-CBC
keylen: 128
aalgo: HMAC/SHA256
provsize: 160041885696
sectorsize: 512
keys: 0x01
iterations: 67988
Salt: c708

=====

Anyone know what I've done wrong? Is data authentication working?

Thanks!
Vinny