From owner-freebsd-geom@freebsd.org Sun Aug 18 22:30:21 2019 Return-Path: Delivered-To: freebsd-geom@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C6313D3036 for ; Sun, 18 Aug 2019 22:30:21 +0000 (UTC) (envelope-from a@carniajeu.com) Received: from mail-yw1-xc2c.google.com (mail-yw1-xc2c.google.com [IPv6:2607:f8b0:4864:20::c2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46BWwD36qWz439n for ; Sun, 18 Aug 2019 22:30:20 +0000 (UTC) (envelope-from a@carniajeu.com) Received: by mail-yw1-xc2c.google.com with SMTP id n205so3538906ywb.10 for ; Sun, 18 Aug 2019 15:30:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=belngo-info.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:cc; bh=mpYOIUKJIO5u5+OpAiFSxPBiIqHiMuXZKOU1dyZ67SU=; b=UjPNGT6+JG0uqiXA4plmoRzeBjCM+/vHCCNBii4hzL30VCuGbHVVlZZAzjVW4iBHEI w33BARcKgcDCaFdvAFH068sxioRpMEZCc34oeDLoyK+aPr0MvUX4zSugy/Bc2e7cqsii ifHtHqR8amLDOKhNzB4XfMlAiD/PnmOq0tmhNa6aiFH7fgJq6udxHw+tYjwfin3SMcPE 9/PHn3e69f3260/dBYpFocA63NMiHsENWhH2wesF7csyH2/991qMIuBoNqXIrk2n3fbe m/oBOs02NxFUMoM8aDRvlIXow+qDFpU9C36NQosZpjTivzubn4UebsBQa/AH2SEA1bem 1GbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:cc; bh=mpYOIUKJIO5u5+OpAiFSxPBiIqHiMuXZKOU1dyZ67SU=; b=lS9LRkHVTkbstGD2iDeCThnrz5SUn3Ckui4hLk8JX7gJ2Is6AxRPrzvYI/XPKzNHG2 AdDwFJRVX39XqVElLB6H+w58FecFF2AxVenufVhWIDI6OUSmnKJmvQB1U8zRI/GRXk2I EZJum9scmnSrHbWRVKgjghHCIceuVXkmfDXtkvzMsDf3AZ8T9fGnwQOXGu3eizwGgbfj M5XsPrMzrXJ42XqG4O6ZhMYqE443O41fM7kCw5hX4mA0PloemWgR2BuEoVUu7cnq69yB VW75pf1csXKGlV3eCBQ7S+4ZiDNmYQnpgZ4WjXqfBroowxr7+Tp8ifgCXdGayuXdGtpy DwEg== X-Gm-Message-State: APjAAAVvgK/DUVay+5mW4gpYTknoPV9Eb027JXsIVrxwNPI6STzs6PBE 42qZQmf1JAO/lRS6Ongtz2Js3D4+ryPsmM30M+W3E2rn9oM= X-Google-Smtp-Source: APXvYqw0uRrEPPJk2Ah1GVOB6T2ERlWg9bNlvGNULHrhlpyOyGnYXiNeShXXLG/iE4kVWJfSn4Amm/39GP0rxb1hqSA= X-Received: by 2002:a81:7b41:: with SMTP id w62mr12069641ywc.383.1566167419011; Sun, 18 Aug 2019 15:30:19 -0700 (PDT) MIME-Version: 1.0 References: <20190818154602.00003fa8@executive-computing.de> <96f3e2f5-ab4c-19c9-2f68-e42bb0e8aab4@cyberleo.net> <20190818210531.00006ffa@executive-computing.de> In-Reply-To: <20190818210531.00006ffa@executive-computing.de> From: Alaksiej Date: Mon, 19 Aug 2019 01:29:59 +0300 Message-ID: Subject: Re: 11.3: GELI attach: Wrong key despite correct passphrase Cc: freebsd-geom X-Rspamd-Queue-Id: 46BWwD36qWz439n X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=belngo-info.20150623.gappssmtp.com header.s=20150623 header.b=UjPNGT6+; dmarc=none; spf=none (mx1.freebsd.org: domain of a@carniajeu.com has no SPF policy when checking 2607:f8b0:4864:20::c2c) smtp.mailfrom=a@carniajeu.com X-Spamd-Result: default: False [-0.96 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.11)[-0.112,0]; R_DKIM_ALLOW(-0.20)[belngo-info.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-geom@freebsd.org]; DMARC_NA(0.00)[belngo.info]; URI_COUNT_ODD(1.00)[3]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[belngo-info.20150623.gappssmtp.com:+]; NEURAL_SPAM_LONG(0.10)[0.099,0]; RCVD_IN_DNSWL_NONE(0.00)[c.2.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; MISSING_TO(2.00)[]; NEURAL_HAM_SHORT(-0.98)[-0.981,0]; R_SPF_NA(0.00)[]; FORGED_SENDER(0.30)[ac@belngo.info,a@carniajeu.com]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-2.97)[ip: (-9.46), ipnet: 2607:f8b0::/32(-2.95), asn: 15169(-2.38), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[ac@belngo.info,a@carniajeu.com]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Aug 2019 22:30:21 -0000 Hello Marco, To the best of my knowledge geli in 11.3 should be absolutely capable to attach geom created in 11.1. So when the utility reports "Wrong key" there's a big chance it is telling you truth, and something in the key data you are supplying to it is wrong. Key data here can be either password, or key(s), or password + key(s). CyberLeo's suggestion is that maybe your 11.1-created SSD doesn't require password at all. Which can be reasonable guess if, for example, both disks were used in the same computer, and you were asked for your password just once every boot. (Your initial message is not specific on how those SSDs were used). If it's not the case, then we should suspect key(s) part. Check the /boot/loader.conf file on 11.1-created SSD: are there any geli_*_keyfile_* lines? On Sun, Aug 18, 2019 at 10:05 PM Marco Steinbach < coco@executive-computing.de> wrote: > On Sun, 18 Aug 2019 10:20:51 -0500 > CyberLeo Kitsana wrote: > > > On 8/18/19 8:46 AM, Marco Steinbach wrote: > > > Hi. > > > > > > I have two bootable SSDs, both installed using a GELI encrypted > > > root on ZFS. > > > > > > > > > I've then imported the bootpool from da0, and mounted it, so I can > > > try using the key in boot/ > > > > > > root@bsdbuch:~ # geli attach -k /bootpool/boot/ada0p5.eli /dev/da0p5 > > > Enter passphrase: > > > geli: Wrong key for da0p5. > > > > Did you intend on combining both a keyfile AND a passphrase here? If > > not, include the -p option to instruct geli to avoid asking for a > > passphrase to mix in. > > > > It might also help to include the output of 'geli dump' for both of > > the affected providers. You can obscure the 'Salt' and 'Master Key' > > portions if you so desire. > > > > I think there's a misunderstanding. > > I merely want to attach the GELI created by the 11.1 installer to a > newly installed 11.3 system. > > MfG CoCo > > _______________________________________________ > freebsd-geom@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-geom > To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org" >