From: Thomas Nickl
To: freebsd-geom@freebsd.org
Date: Wed, 24 Jan 2007 00:44:35 +0100
Subject: GELI: change keyfile to passphrase

Hi,

I know a way to destroy your geli partition without knowing ;) :

    dd if=/dev/random of=/tmp/keyfile count=1 bs=128
    geli init -s 4096 -b -P -K /tmp/keyfile /dev/md9
    geli attach -p -k /tmp/keyfile /dev/md9
    geli setkey -n 0 /dev/md9
    >
    geli detach /dev/md9
    geli attach /dev/md9
    > Missing -p flag.
    geli attach -p /dev/md9
    > No key components given.
    geli attach -p -k /tmp/keyfile /dev/md9
    > Wrong key for md9.

Replacing the setkey line with

    geli setkey -n 0 -p -k /tmp/keyfile /dev/md9

doesn't help.

HOWEVER,

    geli detach /dev/md9

and then

    geli setkey -n 0 -p -k /tmp/keyfile /dev/md9

works as designed ("geli attach /dev/md9" now asks for a passphrase)

So I can recommend: never set a key with an attached media.

I have "FreeBSD washu 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May 7 04:42:56 UTC 2006 root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP i386".