From: User1001
Date: Mon, 21 Aug 2006 22:58:35 -0500
To: freebsd-geom@freebsd.org
Subject: Re: Verifying GELI disk encryption
Message-ID: <44EA80EB.70809@globaleyes.net>
In-Reply-To: <44DDF69F.7040104@globaleyes.net>

Defining a small 2MB 'partition' and setting it up for GELI encryption made it easy to use DD to view the raw data (with ghex2) when the partition was detached from GELI.
This way, I could be certain that ANY data written to the partition would be read, no matter WHERE it actually resided within the partition.

When I first tried this on a new 70+GB DRIVE that had only one file, it was a wee bit difficult to ensure that DD "slice" actually contained the encrypted file that I was expecting.

So one "simple way to verify (geli) encryption" is to use it on a small enough space that can be relatively easy to view as raw data.

User1001 wrote:
> What are some relatively simple ways to verify the encryption of/on a
> GELI device?
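
The raw-data inspection described in the message above can also be scripted instead of being done by eye in a hex viewer. The following is an added example, not part of the original message: it scans a dd dump of the detached partition for a known plaintext marker and for blocks that do not look random. The marker string, the 4096-byte block size, the 7.0 bits/byte threshold and the image path passed on the command line are all assumptions chosen for illustration.

```python
import hashlib
import math
import sys
from collections import Counter

BLOCK = 4096  # analysis granularity (assumption; not a GELI parameter)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_raw(raw: bytes, marker: bytes, threshold: float = 7.0) -> dict:
    """Report every offset of a known plaintext marker and every low-entropy block."""
    hits, pos = [], raw.find(marker)
    while pos != -1:
        hits.append(pos)
        pos = raw.find(marker, pos + 1)
    # Blocks never written through the encrypted device also show up here.
    low = [off for off in range(0, len(raw), BLOCK)
           if entropy(raw[off:off + BLOCK]) < threshold]
    return {"marker_offsets": hits, "low_entropy_blocks": low}

def constructed_ciphertext(size: int) -> bytes:
    """Constructed stand-in for an encrypted dump (SHA-256 in counter mode)."""
    out = bytearray()
    for ctr in range((size + 31) // 32):
        out += hashlib.sha256(b"constructed-sample" + ctr.to_bytes(8, "big")).digest()
    return bytes(out[:size])

if __name__ == "__main__":
    marker = b"GELI-VERIFY-MARKER-0001"  # hypothetical marker written before detaching
    if len(sys.argv) > 1:
        # Path to a dd dump of the detached partition.
        with open(sys.argv[1], "rb") as f:
            raw = f.read()
    else:
        # Constructed 2MB sample with one small plaintext leak at offset 8192.
        sample = bytearray(constructed_ciphertext(2 * 1024 * 1024))
        sample[8192:8192 + len(marker)] = marker
        raw = bytes(sample)
    report = inspect_raw(raw, marker)
    print("marker found at offsets:", report["marker_offsets"][:10])
    print("low-entropy blocks:", len(report["low_entropy_blocks"]))
```

The constructed sample shows why both checks are useful: a short plaintext leak leaves the block's entropy high, so only the marker search catches it. High entropy with no marker hits shows that the written data is not visible in the clear; it says nothing about key handling or cipher configuration.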