Date:      Wed, 8 Feb 2006 21:18:53 +0100
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Christian Baer <christian.baer@informatik.uni-dortmund.de>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: -p with GELI
Message-ID:  <20060208201852.GA732@garage.freebsd.pl>
In-Reply-To: <dsdidb$gf7$1@nermal.rz1.convenimus.net>
References:  <dsdidb$gf7$1@nermal.rz1.convenimus.net>

On Wed, Feb 08, 2006 at 08:56:27PM +0100, Christian Baer wrote:
+> Hi folks!
+>
+> Is there some way to make GELI do the same thing as GBDE does when the -p
+> (small 'p') is used? The idea is to run GELI in a script, ask for the
+> passphrase once and then attach, check and mount several providers with
+> the same passphrase automatically.

The '-p' option in gbde(8) is actually only for debug purposes, as other
users can see it in ps(1) output (if not configured otherwise) and the
passphrase will be logged via the audit mechanism which is currently merged
to the tree.

What you want to use is the '-k' option.
If you really know what you're doing you can do something like this:

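#!/bin/sh

# Read the passphrase once with terminal echo turned off.
stty -echo
read -r -p "Enter passphrase: " passphrase
stty echo
echo
# Feed it on stdin ('-k -'); printf is a builtin and, unlike echo,
# does not treat a passphrase such as "-n" as an option.
printf '%s\n' "${passphrase}" | geli attach -k - da0
printf '%s\n' "${passphrase}" | geli attach -k - da1
printf '%s\n' "${passphrase}" | geli attach -k - da2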

I suggest not to use the same passphrase for all providers.
You can always do something like:

pass_da0=`echo "0${passphrase}0" | sha256`
pass_da1=`echo "1${passphrase}1" | sha256`
pass_da2=`echo "2${passphrase}2" | sha256`

echo "${pass_da0}" | geli attach -k - da0
echo "${pass_da1}" | geli attach -k - da1
echo "${pass_da2}" | geli attach -k - da2

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
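
Added example, not part of the original message: the per-provider derivation above, generalised to any number of providers in a loop while keeping the message's formula and its geli invocation. The function names and the GELI_CMD dry-run override are hypothetical, and it assumes each provider was initialised with the matching derived secret.

```sh
#!/bin/sh
# Added example (not from the original message). Assumes the providers were
# initialised with the same derived secrets this script produces.

# Hex SHA-256 of stdin: sha256sum where present, else FreeBSD sha256(1).
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d ' ' -f 1
    else
        sha256
    fi
}

# derive_pass N PASSPHRASE: the message's formula, sha256 of "N<passphrase>N".
# printf is a shell builtin, so the passphrase never shows up in ps(1) output.
derive_pass() {
    printf '%s\n' "${1}${2}${1}" | sha256_hex
}

# attach_all PASSPHRASE PROVIDER...: attach each provider with its own secret.
# GELI_CMD is a hypothetical override used to dry-run the loop without geli.
attach_all() {
    pass=$1
    shift
    n=0
    for prov in "$@"; do
        derive_pass "$n" "$pass" | ${GELI_CMD:-geli} attach -k - "$prov" || return 1
        n=$((n + 1))
    done
}

# Interactive use: sh attach.sh da0 da1 da2
if [ "$#" -gt 0 ] && [ -t 0 ]; then
    trap 'stty echo' EXIT          # restore terminal echo however we leave
    trap 'exit 1' INT TERM
    stty -echo
    printf 'Enter passphrase: ' >&2
    IFS= read -r passphrase
    stty echo
    echo >&2
    attach_all "$passphrase" "$@"
    unset passphrase
fi
```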
