From: Pawel Jakub Dawidek
Date: Thu, 23 Sep 2010 12:00:40 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r213071 - head/sbin/geom/class/eli
Message-Id: <201009231200.o8NC0elw068465@svn.freebsd.org>

Author: pjd
Date: Thu Sep 23 12:00:40 2010
New Revision: 213071
URL: http://svn.freebsd.org/changeset/base/213071

Log:
  Document AES-XTS.

  MFC after: 1 week

Modified:
  head/sbin/geom/class/eli/geli.8

Modified: head/sbin/geom/class/eli/geli.8
==============================================================================
--- head/sbin/geom/class/eli/geli.8 Thu Sep 23 11:58:36 2010 (r213070)
+++ head/sbin/geom/class/eli/geli.8 Thu Sep 23 12:00:40 2010 (r213071)
@@ -1,4 +1,4 @@ -.\" Copyright (c) 2005-2008 Pawel Jakub Dawidek +.\" Copyright (c) 2005-2010 Pawel Jakub Dawidek .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 20, 2010 +.Dd September 23, 2010 .Dt GELI 8 .Os .Sh NAME @@ -151,11 +151,12 @@ framework, so when there is crypto hardw will make use of it automatically. .It Supports many cryptographic algorithms (currently -.Nm AES , -.Nm Blowfish , -.Nm Camellia +.Nm AES-XTS , +.Nm AES-CBC , +.Nm Blowfish-CBC , +.Nm Camellia-CBC and -.Nm 3DES ) . +.Nm 3DES-CBC ) . .It Can optionally perform data authentication (integrity verification) utilizing one of the following algorithms: @@ -257,13 +258,14 @@ as the .It Fl e Ar ealgo Encryption algorithm to use. Currently supported algorithms are: -.Nm AES , -.Nm Blowfish , -.Nm Camellia +.Nm AES-XTS , +.Nm AES-CBC , +.Nm Blowfish-CBC , +.Nm Camellia-CBC and -.Nm 3DES . +.Nm 3DES-CBC . The default and recommended algorithm is -.Nm AES . +.Nm AES-XTS . .It Fl i Ar iterations Number of iterations to use with PKCS#5v2. If this option is not specified, @@ -283,13 +285,13 @@ Here is how more than one file with a ke Key length to use with the given cryptographic algorithm. If not given, the default key length for the given algorithm is used, which is: 128 for -.Nm AES , -128 for -.Nm Blowfish , -128 for -.Nm Camellia +.Nm AES-XTS , +.Nm AES-CBC , +.Nm Blowfish-CBC +and +.Nm Camellia-CBC and 192 for -.Nm 3DES . +.Nm 3DES-CBC . .It Fl P Do not use passphrase as the key component. .It Fl s Ar sectorsize 
@@ -709,6 +711,21 @@ update the metadata: # geli resize -s 1g ada0p1 # geli attach -k keyfile -p ada0p1 .Ed +.Sh ENCRYPTION MODES +.Nm +supports two encryption modes: +.Nm XTS , +which was standarized as +.Nm IEE P1619 +and +.Nm CBC +with unpredictable IV. +The +.Nm CBC +mode used by +.Nm +is very similar to the mode +.Nm ESSIV . .Sh DATA AUTHENTICATION .Nm can verify data integrity when an authentication algorithm is specified.
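Review bot: In the "-e ealgo" hunk (@@ -257,13 +258,14 @@) the bare names AES, Blowfish, Camellia and 3DES are dropped from the list of supported algorithms, but the text does not say whether those names are still accepted on the command line or which mode each one now selects. The same hunk changes the stated default from AES to AES-XTS, so a reader who has been passing "-e AES" cannot tell from the page whether that still means CBC. Add one sentence stating how the old names are treated.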
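Review bot: In the key length hunk (@@ -283,13 +285,13 @@) the rewritten sentence renders as "128 for AES-XTS, AES-CBC, Blowfish-CBC and Camellia-CBC and 192 for 3DES-CBC", and the two consecutive "and"s make it hard to see where the 128-bit group ends. Close the first group with punctuation (for example ".Nm Camellia-CBC ," before "and 192 for"), or keep the old per-algorithm form that gave a default next to each name.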
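Review bot: The new ENCRYPTION MODES section (@@ -709,6 +711,21 @@) has two typos that should be fixed before the MFC: "standarized" should be "standardized", and ".Nm IEE P1619" should read "IEEE P1619". The section also says only that CBC is used "with unpredictable IV" and is "very similar to" ESSIV, without saying how the IV is obtained or where the mode differs from ESSIV, and it gives no reason why AES-XTS is the recommended choice over the CBC modes. A sentence on each would let a reader pick a mode from this page alone. As a style point, ".Nm" is used here for mode and standard names in the same paragraph where a bare ".Nm" stands for the utility itself, which makes the source harder to read.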