Date:      Mon, 19 Aug 2019 05:08:26 +0200
From:      Marco Steinbach <coco@executive-computing.de>
To:        freebsd-geom@freebsd.org
Cc:        Alaksiej <ac@belngo.info>, CyberLeo Kitsana <cyberleo@cyberleo.net>, Ben Woods <woodsb02@gmail.com>
Subject:   Re: 11.3: GELI attach: Wrong key despite correct passphrase (SOLVED)
Message-ID:  <20190819050826.00002d83@executive-computing.de>
In-Reply-To: <20190819035509.00007d37@executive-computing.de>
References:  <20190818154602.00003fa8@executive-computing.de> <96f3e2f5-ab4c-19c9-2f68-e42bb0e8aab4@cyberleo.net> <20190818210531.00006ffa@executive-computing.de> <CAOc73CBmEum2V4M7jFLZ5B4iTnAP=fpg5ozmzGPYcyzhr0PBLg@mail.gmail.com> <20190819035509.00007d37@executive-computing.de>

On Mon, 19 Aug 2019 03:55:09 +0200
Marco Steinbach <coco@executive-computing.de> wrote:

> On Mon, 19 Aug 2019 06:27:34 +0800
> Ben Woods <woodsb02@gmail.com> wrote:
>
> > On Mon, 19 Aug 2019 at 3:05 am, Marco Steinbach
> > <coco@executive-computing.de> wrote:
> >
> > > On Sun, 18 Aug 2019 10:20:51 -0500
> > > CyberLeo Kitsana <cyberleo@cyberleo.net> wrote:
> > >
> > > > On 8/18/19 8:46 AM, Marco Steinbach wrote:
> > > > > Hi.
> > > > >
> > > > > I have two bootable SSDs, both installed using a GELI
> > > > > > encrypted root on ZFS.
> > > >
> > > > <snip>
> > > >   =20
> > > > > I've then imported the bootpool from da0, and mounted it, so I
> > > > > can try using the key in boot/
> > > > >
> > > > > > root@bsdbuch:~ # geli attach -k /bootpool/boot/ada0p5.eli /dev/da0p5
> > > > > > Enter passphrase:
> > > > > > geli: Wrong key for da0p5.
> > > >
> > > > Did you intend on combining both a keyfile AND a passphrase
> > > > here? If not, include the -p option to instruct geli to avoid
> > > > asking for a passphrase to mix in.
> > > >
> > > > It might also help to include the output of 'geli dump' for both
> > > > of the affected providers. You can obscure the 'Salt' and
> > > > 'Master Key' portions if you so desire.
> > > >   =20
> > >
> > > I think there's a misunderstanding.
> > >
> > > I merely want to attach the GELI created by the 11.1 installer to
> > > a newly installed 11.3 system.
> > >
> > > > MfG CoCo
> > >
> > >
> > Indeed, but what secrets do you need to provide to decrypt the geli
> > providers (passphrase, passfile, keyfile)? The command above will
> > use both a keyfile and prompt for a passphrase - was this your
> > intention?
> >
> > The “attach” section of this manpage has more details if required:
> >
> > https://man.freebsd.org/geli
> >
>
> What secrets do I need to provide, if I installed a root on ZFS on top
> of GELI using the FreeBSD installer (no manual intervention, really
> just what the installer offered) on the 11.1-RELEASE memstick,
> if I want to attach that provider to an 11.3-RELEASE system ?
>
> As I wrote, I have two SSDs both installed using the FreeBSD installer
> using root on ZFS on top of GELI. One was installed using the
> 11.1-RELEASE memstick, the other was installed using the 11.3-RELEASE
> memstick.
>
> I can attach the 11.3-RELEASE from the 11.1-RELEASE (just doing 'geli
> attach /dev/da0p5'), but not vice versa. Both use the same passphrase,
> and both boot using this same passphrase.
>
> Since GELI on the 11.3-RELEASE system told me 'geli: wrong key for
> da0p5' when trying to attach the 11.1-RELEASE GELI provider, I tried
> using the keyfile generated by the 11.1-RELEASE installer in
> conjunction with the passphrase. That also failed.

Hi.

I now have successfully tested cross-attaching the 11.1/11.3 GELI
providers using their respective keyfiles and the passphrase.

It's still beyond me, why I was able to simply attach the GELI provider
on the external USB drive created in 11.3 just using the passphrase,
when 11.1 was booted, but not vice versa (with 11.3 booted internally,
and 11.1 in the external enclosure).

In all my tries, I always plugged in the external drive after the
system was fully up.


Thank you all for your suggestions and hints -- that was quite an
informative lesson.

MfG CoCo


