From: mfv
To: RW via freebsd-questions
Cc: RW
Date: Fri, 19 May 2017 12:15:14 -0400
Subject: Re: GnuPG smart card && geli

> On Fri, 2017-05-19 at 16:14 RW via freebsd-questions wrote:
>
>On Fri, 19 May 2017 10:19:06 -0400
>mfv via freebsd-questions wrote:
>
>> >This would lead to a system (netbook) which never can be booted or
>> >otherwise data read from and you can only boot it with the USB boot
>> >key, the USB GnuPG-card and the PIN (normally 6 digits).
>
>6 digits doesn't sound very secure.
>
>> >Any comments on this?
>> >
>> >    matthias
>> >
>>
>> Hello Matthias,
>>
>> I agree with your idea. Some time ago I did some research to find
>> out a method to read the password from a USB memory stick but was not
>> successful. I was not concerned with disk encryption, just wanted a
>> very long password, automatic login and no system access without a
>> hardware key.
>
>A geli device can be set-up to use a passphrase and/or a passfile. You
>could just put the passfile on a memory stick and not use
>a passphrase at all.
>
>FWIW I use a passfile to attach geli encrypted partitions, but the
>passfile is stored in a small geli encrypted file-backed md device
>that's passphrase protected. I did this just to avoid having to type
>any more than I need to, but that backing file could just as easily be
>on a memory stick.

Hello RW,

Is it possible to automatically read a password/passfile during boot up
from a USB memory stick without geli? If so, how?

Cheers ...

Marek
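
The two-stage arrangement described in the quoted text (a passfile kept inside a small passphrase-protected, file-backed geli container) could look like the sketch below. It is an added example, not code from anyone in this thread. The paths, the passfile name and the `mdN` placeholder are assumptions, as is that the container already holds a filesystem and that the data providers were initialised with the same passfile (`geli init -J`).

```shell
#!/bin/sh
# Added example, not from the thread. Paths and device names are assumptions.
VAULT_FILE="${VAULT_FILE:-/media/usbkey/vault.img}"  # geli container file, e.g. on the stick
VAULT_MNT="${VAULT_MNT:-/mnt/vault}"                 # where the container is mounted
PASSFILE="${PASSFILE:-data.pass}"                    # passfile stored inside the container
DRY_RUN="${DRY_RUN:-1}"                              # 1 = only print the commands

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# attach_all PROVIDER...
# Opens the container (geli prompts once for its passphrase), attaches every
# provider with the passfile, then always closes the container again so the
# passfile is not left readable.
attach_all() {
    if [ "$DRY_RUN" = 1 ]; then
        md="mdN"                                     # placeholder unit name
        echo "mdconfig -a -t vnode -f $VAULT_FILE"
    else
        md=$(mdconfig -a -t vnode -f "$VAULT_FILE") || return 1
    fi
    rc=0
    if run geli attach "/dev/$md"; then
        if run mount -o ro "/dev/${md}.eli" "$VAULT_MNT"; then
            for prov in "$@"; do
                # -j reads the passphrase from the file instead of prompting
                run geli attach -j "$VAULT_MNT/$PASSFILE" "$prov" || rc=1
            done
            run umount "$VAULT_MNT" || rc=1
        else
            rc=1
        fi
        run geli detach "${md}.eli" || rc=1
    else
        rc=1
    fi
    run mdconfig -d -u "$md" || rc=1
    return "$rc"
}

# Usage (as root on FreeBSD): DRY_RUN=0 attach_all /dev/ada0p4 /dev/ada0p5
```

With the default `DRY_RUN=1` the function only prints the command sequence, which allows the order of operations to be reviewed before running it against real providers.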