From: Poul-Henning Kamp
Date: Sun, 9 Nov 2014 15:53:29 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r274314 - head/sbin/gbde

Author: phk
Date: Sun Nov 9 15:53:29 2014
New Revision: 274314
URL: https://svnweb.freebsd.org/changeset/base/274314

Log:
  Report the 1-based key numbers rather than the 0-based ones to be consistent.

  Fix documentation for destroy command. Not sure how the wrong explanation happened.

  Spotted by: mwlucas

Modified:
  head/sbin/gbde/gbde.8
  head/sbin/gbde/gbde.c

Modified: head/sbin/gbde/gbde.8 ============================================================================== --- head/sbin/gbde/gbde.8 Sun Nov 9 15:52:11 2014 (r274313) +++ head/sbin/gbde/gbde.8 Sun Nov 9 15:53:29 2014 (r274314) 
@@ -233,9 +233,23 @@ pass-phrase: .Pp .Dl "gbde setkey ada0s1f -n 2 -P foo -L key2.lockfile" .Pp -To destroy all copies of the masterkey: +To invalidate your own masterkey: +.Pp +.Dl "gbde nuke ada0s1f" +.Pp +This will overwrite your masterkey sector with zeros, and results in +a diagnostic if you try to use the key again. +You can also destroy the other three copies of the masterkey with the +-n argument. +.Pp +You can also invalidate your masterkey without leaving a tell-tale sector +full of zeros: .Pp .Dl "gbde destroy ada0s1f" +.Pp +This will overwrite the information fields in your masterkey sector, +encrypt it and write it back. +You get a (different) diagnostic if you try to use it. .Sh SEE ALSO .Xr gbde 4 , .Xr geom 4 Modified: head/sbin/gbde/gbde.c ============================================================================== --- head/sbin/gbde/gbde.c Sun Nov 9 15:52:11 2014 (r274313) +++ head/sbin/gbde/gbde.c Sun Nov 9 15:53:29 2014 (r274314) @@ -300,7 +300,6 @@ cmd_attach(const struct g_bde_softc *sc, gctl_ro_param(r, "key", 16, buf); close(ffd); } - /* gctl_dump(r, stdout); */ errstr = gctl_issue(r); if (errstr != NULL) errx(1, "Attach to %s failed: %s", dest, errstr); @@ -371,7 +370,7 @@ cmd_open(struct g_bde_softc *sc, int dfd if (error != 0) errx(1, "Error %d decrypting lock", error); if (nkey) - printf("Opened with key %u\n", *nkey); + printf("Opened with key %u\n", 1 + *nkey); return; } @@ -392,7 +391,7 @@ cmd_nuke(struct g_bde_key *gl, int dfd , free(sbuf); if (i != (int)gl->sectorsize) err(1, "write"); - printf("Nuked key %d\n", key); + printf("Nuked key %d\n", 1 + key); } static void @@ -493,7 +492,7 @@ cmd_destroy(struct g_bde_key *gl, int nk bzero(&gl->sector0, sizeof gl->sector0); bzero(&gl->sectorN, sizeof gl->sectorN); bzero(&gl->keyoffset, sizeof gl->keyoffset); - bzero(&gl->flags, sizeof gl->flags); + gl->flags &= GBDE_F_SECT0; bzero(gl->mkey, sizeof gl->mkey); for (i = 0; i < G_BDE_MAXKEYS; i++) if (i != nkey)
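Review bot: In the gbde.8 hunk (@@ -233,9 +233,23 @@), the option is written as a bare "-n argument." at the start of an input line; mark it up with the mdoc `.Fl n` macro so it renders as an option, and add a `.Dl` example for that form, since the text describes destroying the other three copies but only `gbde nuke ada0s1f` is shown. The new paragraphs also refer to "a diagnostic" and "a (different) diagnostic" without quoting either message; naming them would let an administrator tell a nuked key sector from a destroyed one.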
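Review bot: In cmd_open() (@@ -371,7 +370,7 @@), only the printed value becomes 1-based while `*nkey` itself is left 0-based; a one-line comment at the printf, for example /* display is 1-based, *nkey stays 0-based */, would keep a later reader from treating the `1 +` as an off-by-one or from using the printed number as an index.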
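Review bot: In cmd_nuke() (@@ -392,7 +391,7 @@), the key number is printed with %d while the matching message in cmd_open() uses %u for the same 1-based value; use one specifier and a matching type in both places so the two reports stay consistent. If `key` can be negative at this point, `1 + key` prints zero or less as a key number, so state the valid range in a comment or check it before printing.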
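Review bot: In cmd_destroy() (@@ -493,7 +492,7 @@), replacing the bzero of `gl->flags` with `gl->flags &= GBDE_F_SECT0;` is a behaviour change that the log message does not cover: sector0, sectorN, keyoffset and mkey are still zeroed, but one flag bit now survives into the sector that is written back. Add a comment at that line saying why GBDE_F_SECT0 has to be preserved on destroy, and mention it in the log, so that a reader of the new man page text ("overwrite the information fields in your masterkey sector") knows which field is kept on purpose.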