From: Pawel Jakub Dawidek
To: Christian Baer
Cc: freebsd-geom@freebsd.org
Date: Wed, 8 Feb 2006 21:18:53 +0100
Subject: Re: -p with GELI
Message-ID: <20060208201852.GA732@garage.freebsd.pl>

On Wed, Feb 08, 2006 at 08:56:27PM +0100, Christian Baer wrote:
+> Hi folks!
+>
+> Is there some way to make GELI do the same thing as GBDE does when the -p
+> (small 'p') is used? The idea is to run GELI in a script, ask for the
+> passphrase once and then attach, check and mount several providers with
+> the same passphrase automatically.

The '-p' option in gbde(8) is actually only for debug purposes, as other
users can see it in ps(1) output (if not configured otherwise) and the
passphrase will be logged via the audit mechanism which is currently merged
to the tree.

What you want to use is the '-k' option. If you really know what you're doing
you can do something like this:

	#!/bin/sh

	stty -echo
	read -p "Enter passphrase: " passphrase
	stty echo

	echo "${passphrase}" | geli attach -k - da0
	echo "${passphrase}" | geli attach -k - da1
	echo "${passphrase}" | geli attach -k - da2

I suggest not using the same passphrase for all providers. You can always
do something like:

	pass_da0=`echo "0${passphrase}0" | sha256`
	pass_da1=`echo "1${passphrase}1" | sha256`
	pass_da2=`echo "2${passphrase}2" | sha256`

	echo "${pass_da0}" | geli attach -k - da0
	echo "${pass_da1}" | geli attach -k - da1
	echo "${pass_da2}" | geli attach -k - da2

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
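
The per-provider scheme from the message above, written out as one script. This is an added example, not part of the original post. The function names, the sha256sum fallback and the file name attach.sh are assumptions, and each provider must already have been initialised with the matching derived key.

```shell
#!/bin/sh
# Added example: per-provider keys derived as in the post, fed to geli on stdin.

sha256_hex() {
    # FreeBSD sha256(1) prints the bare digest; the sha256sum fallback is an
    # assumption so the derivation can be tried on other systems.
    if command -v sha256 >/dev/null 2>&1; then
        sha256
    else
        sha256sum | cut -d' ' -f1
    fi
}

derive_key() {
    # $1 = provider index, $2 = master passphrase.
    # Same input as the post's  echo "N${passphrase}N" | sha256 ; printf is a
    # shell builtin, so the passphrase stays out of ps(1) output.
    printf '%s%s%s\n' "$1" "$2" "$1" | sha256_hex
}

attach_all() {
    # $1 = master passphrase, remaining arguments = providers in a fixed order
    # (the index, and so the key, depends on each provider's position).
    master=$1; shift
    idx=0
    for prov in "$@"; do
        derive_key "$idx" "$master" | geli attach -k - "$prov" || return 1
        idx=$((idx + 1))
    done
}

read_passphrase() {
    trap 'stty echo' EXIT        # restore echo however the script ends
    trap 'exit 1' INT TERM
    stty -echo
    printf 'Enter passphrase: ' >&2
    IFS= read -r passphrase
    stty echo
    printf '\n' >&2
}

# Run as: sh attach.sh da0 da1 da2   (hypothetical file name)
if [ "$#" -gt 0 ]; then
    read_passphrase
    attach_all "$passphrase" "$@"
    rc=$?
    unset passphrase master
    exit "$rc"
fi
```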