Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 05 Nov 2024 16:46:21 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 282567] [geli] geli setkey can clear key components, perfectory
Message-ID:  <bug-282567-227-LBRmmvj2HP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-282567-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-282567-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282567

Norikatsu Shigemura <nork@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|]                           |[geli] geli setkey can
                   |                            |clear key components,
                   |                            |perfectory

--- Comment #1 from Norikatsu Shigemura <nork@FreeBSD.org> ---
I tested following case as a bug of "geli setkey":

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -=
 -
# truncate -s 1M testfile
# # mdconfig -f testfile
md0
# geli init -e AES-XTS -l 256 -B none -s 4096 md0
Enter new passphrase:
Reenter new passphrase:
# geli attach md0
Enter passphrase:
# geli setkey -i $((65536*65536-1)) md0
Enter new passphrase:
Reenter new passphrase:
Note, that the master key encrypted with old keys and/or passphrase may sti=
ll
exist in a metadata backup file.
# geli detach md0
# geli attach md0
geli: Missing -p flag.
geli: There was an error with at least one provider.
# geli attach -p md0
geli: No key components given.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -=
 -

I found this issue because I tried reset passphrase key like "geli setkey -k
keyfile -P md0".
But I couldn't reset passphrase, so I noticed that the "md_iterations" does=
n't
reset to -1 (=3D 2^32-1 =3D 65536*65536-1).

SEE ALSO: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D196834

So there is a bug of "geli setkey -P doesn't reset md_iterations" yet.

To reset iterations, "geli setkey -P" should reset the md_iteratitons, or
describe how to reset passphrase by setting iterations and save no key
compoents status.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-282567-227-LBRmmvj2HP>