To: freebsd-geom@freebsd.org
From: Christian Baer
Date: Mon, 6 Mar 2006 12:58:44 +0100 (CET)
Organization: Convenimus Projekt
Subject: Re: Changing geli-providers from passphrase to keyfile

On Mon, 6 Mar 2006 12:30:00 +0100 Pawel Jakub Dawidek wrote:

> No, this is not possible and AFAIR we discussed it in the last already.

Actually, no we didn't. :-)

> I'm not planning to add gbde(8)'s -p/-P options, because they only
> create confusion - they were designed to be used for testing and now are
> used in e.g. /etc/rc.d/encswap.

I didn't want that. :-)

Just to clarify this: What I asked for in the mail was to let geli accept the passphrase from the standard input, just as it accepts the keyfile. I know I messed up completely while expressing this, sorry about that. What I was trying to get was to make this:

    echo "password" | geli -k - /dev/ad0

work with passphrases too, so I could pipe a passphrase to geli as I can a keyfile (like above). geli ignores anything piped to it in this way when it only expects a passphrase.

You told me in that email you are referring to that you didn't want to implement that - and I am not complaining, please don't get me wrong here. I didn't know that geli would take passphrases piped to it when I initialized the providers (I wrote the script when they were all finished).

I grabbed up your idea with the script:

    pass_da0=`echo "0${passphrase}0" | sha256`
    pass_da1=`echo "1${passphrase}1" | sha256`
    pass_da2=`echo "2${passphrase}2" | sha256`
    echo "${pass_da0}" | geli attach -k - da0
    echo "${pass_da1}" | geli attach -k - da1
    echo "${pass_da2}" | geli attach -k - da2

and found that it didn't work without the -k option. My mistake, I know.

What I am basically asking now is if there is some way for me to use the -k option (like in your script above) while attaching the providers without having to copy all the data off the drives and initialising the providers from scratch. Since we are talking about quite a lot of drive space here, this could take pretty long.

Sorry for being unclear the first time around. I hope I did a better job this time!

Regards
Christian