From owner-freebsd-geom@freebsd.org Sun Aug 18 22:27:47 2019 Return-Path: Delivered-To: freebsd-geom@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BC4A6D2FCF for ; Sun, 18 Aug 2019 22:27:47 +0000 (UTC) (envelope-from woodsb02@gmail.com) Received: from mail-vs1-xe2d.google.com (mail-vs1-xe2d.google.com [IPv6:2607:f8b0:4864:20::e2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46BWsG5sz4z437b for ; Sun, 18 Aug 2019 22:27:46 +0000 (UTC) (envelope-from woodsb02@gmail.com) Received: by mail-vs1-xe2d.google.com with SMTP id c7so7087686vse.11 for ; Sun, 18 Aug 2019 15:27:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LDAMXFLWJKwhSek+26qyKvzGYmcxrLAscCAbirzEMK8=; b=R5rTzyvEK/nnWCL2OF7qcGBbbkOJnqSjj8fF7yF5MZurB6yeBgD8J8msTdHKK1JcQM 85VDx2hf278xatS6pz30j+zxnoR2aElpWnCBkKiddOJYg7MO7Q8qEEg0rabawpQZjYLK JmekAV/u/qOqh6V0zunNQuTw2i90oxai8cflwC84/qCwiU/FFPBzbzJhfYyL3nz2rgXl Eom9JKDeFZp6YF4SFl5DO/ecneayWn4KapvymmL4cygTu9LfSCUMynWJ0KWuuIzN64TS v4/+0rmMcvM9sKABow8MGtsTaDbL4sd+9j7PtLM08cH1TolekkIz0fIDZ0OzOl4jbM7/ T2xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LDAMXFLWJKwhSek+26qyKvzGYmcxrLAscCAbirzEMK8=; b=ZhZf0EgxRjdt7YSuR2Xv0EGeQMTnkNtarknnXp1FuJS1ZDG9iYbfkSFAobDVMa7BJa CpszvVU2iR8N8X4/JzrywSrt/Ma4YhiYeHdJeE71giyZw2tc0hTk15FPYHZqIOzqIzV2 ApHCg6tOZvXoEm6cKMwsd66/ewpiz6UgxFFom1he3kROElBqsbMEmf7EPCpHFTQIY6lM R5TUEKUwX9Yluvj/qq4XpE5ZhNaZRHB+bM1fCABA9V6M1rPi5cWxshhK+Hldw6BzfpJd iNOFvfrNB7I29DcNCn4pMZYk1GXlUluMiUFzoMbiNYVnX9zms6UoE19RTI8ItlEAgACE 129A== X-Gm-Message-State: APjAAAW73y1c8N8JzIvOGA5zEoy/XQ3jFrLR0rITS0Va9ExOddp2DoUK WQfuGF9EQL6qJu7/FQJIenTdNbi9zNdNJokN8fg7gw== X-Google-Smtp-Source: APXvYqwFCvUc9Ap87jAKZ9i+3ttgbyw7QsQGtuzvKQTiUEWFwrJb4QM2TdmnVzZuYNIJ2SgvRP4QiQ6KXRLwiOhFP1U= X-Received: by 2002:a67:ce83:: with SMTP id c3mr11515906vse.98.1566167265443; Sun, 18 Aug 2019 15:27:45 -0700 (PDT) MIME-Version: 1.0 References: <20190818154602.00003fa8@executive-computing.de> <96f3e2f5-ab4c-19c9-2f68-e42bb0e8aab4@cyberleo.net> <20190818210531.00006ffa@executive-computing.de> In-Reply-To: <20190818210531.00006ffa@executive-computing.de> From: Ben Woods Date: Mon, 19 Aug 2019 06:27:34 +0800 Message-ID: Subject: Re: 11.3: GELI attach: Wrong key despite correct passphrase To: Marco Steinbach Cc: freebsd-geom@freebsd.org X-Rspamd-Queue-Id: 46BWsG5sz4z437b X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=R5rTzyvE; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of woodsb02@gmail.com designates 2607:f8b0:4864:20::e2d as permitted sender) smtp.mailfrom=woodsb02@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; URI_COUNT_ODD(1.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-0.995,0]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.73), ipnet: 2607:f8b0::/32(-2.95), asn: 15169(-2.38), country: US(-0.05)]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-geom@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[d.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Aug 2019 22:27:47 -0000 On Mon, 19 Aug 2019 at 3:05 am, Marco Steinbach wrote: > On Sun, 18 Aug 2019 10:20:51 -0500 > CyberLeo Kitsana wrote: > > > On 8/18/19 8:46 AM, Marco Steinbach wrote: > > > Hi. > > > > > > I have two bootable SSDs, both installed using a GELI encrypted > > > root on ZFS. > > > > > > > > > I've then imported the bootpool from da0, and mounted it, so I can > > > try using the key in boot/ > > > > > > root@bsdbuch:~ # geli attach -k /bootpool/boot/ada0p5.eli /dev/da0p5 > > > Enter passphrase: > > > geli: Wrong key for da0p5. > > > > Did you intend on combining both a keyfile AND a passphrase here? If > > not, include the -p option to instruct geli to avoid asking for a > > passphrase to mix in. > > > > It might also help to include the output of 'geli dump' for both of > > the affected providers. You can obscure the 'Salt' and 'Master Key' > > portions if you so desire. > > > > I think there's a misunderstanding. > > I merely want to attach the GELI created by the 11.1 installer to a > newly installed 11.3 system. > > MfG CoCo Indeed, but what secrets do you need to provide to decrypt the geli providers (passphrase, passfile, keyfile)? The command above will use both a keyfile and prompt for a passphrase - was this your intention? The =E2=80=9Cattach=E2=80=9D section of this manpage has more details if re= quired: https://man.freebsd.org/geli Cheers, Ben > -- -- From: Benjamin Woods woodsb02@gmail.com