Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 10 Feb 2023 12:25:03 +0100
From:      Mariusz Zaborski <oshogbo@freebsd.org>
To:        Mel Pilgrim <list_freebsd@bluerosetech.com>
Cc:        freebsd-security@freebsd.org,  FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli
Message-ID:  <CAGOYWV_26qGLPO%2BZNL6N8p57JhguU=heYQ3ejQqqvFJzYXwv-A@mail.gmail.com>
In-Reply-To: <d9a388ec-4e29-1423-e168-3d05c310e099@bluerosetech.com>
References:  <20230208190833.1DF6F8824@freefall.freebsd.org> <d9a388ec-4e29-1423-e168-3d05c310e099@bluerosetech.com>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
To test decryption in dry mode (can be used on the decrypted device):
echo -n | geli attach -C -p -k - dev

If it succeeds you want to re-encrypt your devices.

On Fri, 10 Feb 2023 at 02:48, Mel Pilgrim <list_freebsd@bluerosetech.com>
wrote:

> On 2023-02-08 11:08, FreeBSD Security Advisories wrote:
> >
> =============================================================================
> > FreeBSD-SA-23:01.geli                                       Security
> Advisory
> >                                                            The FreeBSD
> Project
> >
> > Topic:          GELI silently omits the keyfile if read from stdin
>
> How do I test my existing devices to see if the master key needs to be
> encrypted?
>
> Does the solution change if the keyfiles don't require passwords?  I use
> GELI keyfiles without passwords for unattended reboots.
>
>

[-- Attachment #2 --]
<div dir="ltr">To test decryption in dry mode (can be used on the decrypted device):<br>echo -n | geli attach -C -p -k - dev<br><br>If it succeeds you want to re-encrypt your devices.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 10 Feb 2023 at 02:48, Mel Pilgrim &lt;<a href="mailto:list_freebsd@bluerosetech.com" target="_blank">list_freebsd@bluerosetech.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2023-02-08 11:08, FreeBSD Security Advisories wrote:<br>
&gt; =============================================================================<br>
&gt; FreeBSD-SA-23:01.geli                                       Security Advisory<br>
&gt;                                                            The FreeBSD Project<br>
&gt; <br>
&gt; Topic:          GELI silently omits the keyfile if read from stdin<br>
<br>
How do I test my existing devices to see if the master key needs to be <br>
encrypted?<br>
<br>
Does the solution change if the keyfiles don&#39;t require passwords?  I use <br>
GELI keyfiles without passwords for unattended reboots.<br>
<br>
</blockquote></div>
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGOYWV_26qGLPO%2BZNL6N8p57JhguU=heYQ3ejQqqvFJzYXwv-A>