From owner-freebsd-questions@freebsd.org  Mon Sep 26 20:38:23 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE84FBEA9B5
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon, 26 Sep 2016 20:38:23 +0000 (UTC)
 (envelope-from shamim.shahriar@gmail.com)
Received: from mail-qk0-x232.google.com (mail-qk0-x232.google.com
 [IPv6:2607:f8b0:400d:c09::232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A8520EA0
 for <freebsd-questions@freebsd.org>; Mon, 26 Sep 2016 20:38:23 +0000 (UTC)
 (envelope-from shamim.shahriar@gmail.com)
Received: by mail-qk0-x232.google.com with SMTP id z190so181407003qkc.3
 for <freebsd-questions@freebsd.org>; Mon, 26 Sep 2016 13:38:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=to:from:subject:message-id:date:user-agent:mime-version
 :content-transfer-encoding;
 bh=gb/dunKquxhRPvGksGu7btjU3+T32sHocJ6S+755tPY=;
 b=CP9N2ZmBjshEr8jSNjvhsTW2VXOX35D53XZTRDdJcYVeQ9uxtwRdGJ5o5Ncc7Tvl+u
 piE2HkrKzmYUUb/E7W3k2fRhBakaQwdc0ESjoZbbMN9lf5DwjNytEJYaDspOLaJs3fvU
 4YomIic2OQphcieWLOFnTHk9F9ACVFIX2QxWWxyOfriLyjNNYqVIK5bZ6+5r7s8bXxiD
 H8EMQ0+TsA4EQnY3YBVMZkqYVbD6+ttjsKswNh4e+thPPqFGMYFuODN4ynj74aAYo7R+
 P36YgcNiIbKph+NW7fSxTkx32FGvtdaSJD6534BTTpYcrFkGJD1RXgzCQnyndFs2M5Jq
 UIbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:to:from:subject:message-id:date:user-agent
 :mime-version:content-transfer-encoding;
 bh=gb/dunKquxhRPvGksGu7btjU3+T32sHocJ6S+755tPY=;
 b=AgQsAh2JINKuzCG6a55YaNPm03M1MaOynlMt77QiR0lye/gjn2MuAiuDiDEAz9OrN1
 QxzSFnQAFU4V8fcH0qgaa4vUTrultPWWtwXnnCy+dSaoPL9IVaXTvnyj0b7z/MhMXaEj
 MvYKmuKycqyH1zQJ8fa2BiYhQ92+OER8D45/w1bAPL6sjPWSzrxhhu9bfiZ5mPyL3RaD
 apMjyZQs/Yo4uVn1xPI1iNp+gMt33x/zFoQz8HlnsQBNLicqVPPb3wloKjSDouPUPttv
 3yAZ6ZE9S9yb0zLO0KW43jzFzVge/QW4lZ4+vjxKNA3Pnk5POUUa/fmALhezFG3uz3W7
 QyQQ==
X-Gm-Message-State: AA6/9Rk28elMK/MAe/NFpT5wyNAT0+glbAAxaO4TU5lzgOEA3a/4YX7t5+kkshNZuCRqgA==
X-Received: by 10.194.88.74 with SMTP id be10mr19201460wjb.120.1474922302446; 
 Mon, 26 Sep 2016 13:38:22 -0700 (PDT)
Received: from osk.homenet ([2001:470:196e:13:f2de:f1ff:fed1:783c])
 by smtp.googlemail.com with ESMTPSA id vs7sm24206694wjb.10.2016.09.26.13.38.21
 for <freebsd-questions@freebsd.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 26 Sep 2016 13:38:21 -0700 (PDT)
To: freebsd-questions@freebsd.org
From: Shamim Shahriar <shamim.shahriar@gmail.com>
Subject: geli setkey n 1 anomaly :: or am I missing something
Message-ID: <8fbc859d-716b-e7d2-9867-188270fa596b@gmail.com>
Date: Mon, 26 Sep 2016 21:38:20 +0100
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101
 Thunderbird/45.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2016 20:38:24 -0000

Good evening all, I am having some difficult with geli. I am trying to
set up an encrypted provider for my users, using the setkey feature, but
it is not working.

system: FreeBSD 11-RC3

from the man page
     Create an encrypted provider, but use two User Keys: one for your
     employee and one for you as the company's security officer (so it
is not
     a tragedy if the employee "accidentally" forgets his passphrase):

           # geli init /dev/da2
           Enter new passphrase:   (enter security officer's passphrase)
           Reenter new passphrase:
           # geli setkey -n 1 /dev/da2
           Enter passphrase:       (enter security officer's passphrase)
           Enter new passphrase:   (let your employee enter his
passphrase ...)
           Reenter new passphrase: (... twice)

Following this path, I have encrypted a provider, ada0p4

# geli init -e aes-xts -l 256 -K geli.key /dev/ada0p4
Enter new passphrase:   # I enter my passphrase
Reenter new passphrase: # I re-enter my passphrase

all is good.

Now, I am trying to set up the passphrase for the colleague
# geli setkey n 1 -k geli.key /dev/ada0p4
Enter passphrase:       # entered my passphrase
Enter new passphrase:   # entered colleague's passphrase
Reenter new passphrase: # re-entered colleague's passphrase

Now, as I try to attach using colleague's passphrase, I get a Wrong key
error. My key works fine.

# geli attach -k geli.key /dev/ada0p4
Enter passphrase:   # I put colleague's passphrase
Wrong key

I am not sure what I am doing wrong. any pointer will be greatly
appreciated. If you require further information, please do not hesitate
to ask.

Thanks and regards