Date: Mon, 6 Mar 2006 12:58:44 +0100 (CET) From: Christian Baer <christian.baer@informatik.uni-dortmund.de> To: freebsd-geom@freebsd.org Subject: Re: Changing geli-providers from passphrase to keyfile Message-ID: <duh85k$uv8$5@nermal.rz1.convenimus.net> References: <duh4l6$uv8$3@nermal.rz1.convenimus.net> <20060306113000.GC53437@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 6 Mar 2006 12:30:00 +0100 Pawel Jakub Dawidek wrote: > No, this is not possible and AFAIR we discussed it in the last already. Actually, no we didn't. :-) > I'm not planning to add gbde(8)'s -p/-P options, because they only > create confusion - they were designed to be used for testing and now are > used in eg. /etc/rc.d/encswap. I didn't want that. :-) Just to clarify this: What I asked for in the mail was to let geli accept the passphrase from the standard input, just as it accepts the keyfile. I know I messed up completely while expressing this, sorry about that. What I was trying to get was to make this: echo "password" | geli -k - /dev/ad0 work with passphrases too, so I could pipe a passphrase to geli as I can a keyfile (like above). geli ignores anything piped to it in this way when it only expects a passphrase. You told me in that Email you are refering to, that you didn't want to implement that - and I am not complaining, please don't get me wrong here. I didn't know that geli would take passphrases piped to it when I initialized the providers (I wrote the script when they were all finished). I grabbed up your idea with the script: pass_da0=`echo "0${passphrase}0" | sha256` pass_da1=`echo "1${passphrase}1" | sha256` pass_da2=`echo "2${passphrase}2" | sha256` echo "${pass_da0}" | geli attach -k - da0 echo "${pass_da1}" | geli attach -k - da1 echo "${pass_da2}" | geli attach -k - da2 and found that it didn't work without the -k option. My mistake, I know. What I am basicly asking now, is if there is some way for me to use the -k option (like in your script about) while attaching the providers without having to copy all the data off the drives and initilising the providers from scratch. Since were are taking about quite a lot of drive space here, this could take pretty long. Sorry for being unclear the first time around. I hope I did a better job this time! Regards Christian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?duh85k$uv8$5>