From owner-freebsd-geom@FreeBSD.ORG Sat Jun 9 23:36:16 2012 Return-Path: Delivered-To: freebsd-geom@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2EF5A106564A for ; Sat, 9 Jun 2012 23:36:16 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id AAD9A8FC16 for ; Sat, 9 Jun 2012 23:36:15 +0000 (UTC) Received: by wgbds11 with SMTP id ds11so2009845wgb.31 for ; Sat, 09 Jun 2012 16:36:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=NqnXv1JCwGBEa2z3ujXq7J6XW/hEIXSVt1ypBkq6eyU=; b=BBYjCDge79zcWIr0E9gAxyHsdB+sgoH4hJVTzhZpZagmRNayK6CzMOvL1/TdoWVKgk ue3OTSii3keSjmiA7kKVHHYly2u/EyfDZekzkHhKMnV/FNu6eU9/fYk6u1wpHinLwdZe TWmUNQkzpMBU7lBJC3C1ze0SoakIXYWEZOLcx86L/GbMtBQGP7XWv+x/2dLf7G6SZLrr ZxpaSdXzSeeYENJMIojty649fIRYDpb0khUDX61BtCJycSw7gVEiTK4OHxcLbZSTUCuh mjMyd6Zk6NaaUUavxa3A+zFDNQ7OCCeZzq9xF/JzeIZGvL7UyOx20r1K4oTyF18kZ+98 +yDQ== Received: by 10.216.144.216 with SMTP id n66mr3697057wej.107.1339284974486; Sat, 09 Jun 2012 16:36:14 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id f19sm20086657wiw.11.2012.06.09.16.36.12 (version=SSLv3 cipher=OTHER); Sat, 09 Jun 2012 16:36:13 -0700 (PDT) Date: Sun, 10 Jun 2012 00:36:11 +0100 From: RW To: freebsd-geom@freebsd.org Message-ID: <20120610003611.23cba4c7@gumby.homeunix.com> In-Reply-To: <4FD3B8D5.7030906@saltant.com> References: <4FD3B8D5.7030906@saltant.com> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Scope and purpose of each kind geli key X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 23:36:16 -0000 On Sat, 09 Jun 2012 16:57:57 -0400 John W. O'Brien wrote: > There is exactly one Master Key per provider, and it never changes for > the life of the provider. It is generated in userland upon init (or > onetime) and the user can select the key length (-l). I think it's fixed at 512 bits and -l determines the key size of the actual encryption algorithm. > Storage Key per 2^20 blocks. A block's offset is used as an > Initialization Vector (IV) when encrypting or decrypting its data with > the applicable Storage Key. I thought that the IV came from a hash that includes the offset, but I'm not sure. > > For my sake and the sake of future mailing list archaeologists, are > there any errors or significant ambiguities in my description? Once > I've addressed any problems, would this, or something like it, be a > welcome addition to the manpage and/or the Handbook? IMO this is far too much information for the man page or handbook - it might be turned into an article though. What I think is important is that the user understands that the actual encryption derives from a fixed master key and there are two encrypted copies of this, each encrypted with one of the user keys. The above is important to understand because it removes a lot of confusion about what the user keys do and what happens when you change passphrase. It's important to know that changing a compromised user key is ineffective if the metadata has also been compromised. I don't see anything else helps to understand how to use geli, it just buries the useful bit.