Date:      Wed, 24 Jan 2007 00:44:35 +0100
From:      Thomas Nickl <T.Nickl@gmx.net>
To:        freebsd-geom@freebsd.org
Subject:   GELI: change keyfile to passphrase
Message-ID:  <45B69DE3.1050407@gmx.net>

Hi,

I know a way to destroy your geli partition without knowing ;) :

dd if=/dev/random of=/tmp/keyfile count=1 bs=128
geli init -s 4096 -b -P -K /tmp/keyfile /dev/md9
geli attach -p -k /tmp/keyfile /dev/md9
geli setkey -n 0 /dev/md9
 > <new password entered twice>
geli detach /dev/md9
geli attach /dev/md9
 > Missing -p flag.
geli attach -p /dev/md9
 > No key components given.
geli attach -p -k /tmp/keyfile /dev/md9
 > Wrong key for md9.

Replacing the setkey line with
geli setkey -n 0 -p -k /tmp/keyfile /dev/md9
doesn't help.

HOWEVER,
geli detach /dev/md9
and then
geli setkey -n 0 -p -k /tmp/keyfile /dev/md9
works as designed ("geli attach /dev/md9" now asks for a passphrase)

So I can recommend: never set a key with an attached media.

I have "FreeBSD washu 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May  7 
04:42:56 UTC 2006   root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP  
i386".
