Date: Fri, 10 Feb 2023 12:25:03 +0100 From: Mariusz Zaborski <oshogbo@freebsd.org> To: Mel Pilgrim <list_freebsd@bluerosetech.com> Cc: freebsd-security@freebsd.org, FreeBSD Security Advisories <security-advisories@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli Message-ID: <CAGOYWV_26qGLPO%2BZNL6N8p57JhguU=heYQ3ejQqqvFJzYXwv-A@mail.gmail.com> In-Reply-To: <d9a388ec-4e29-1423-e168-3d05c310e099@bluerosetech.com> References: <20230208190833.1DF6F8824@freefall.freebsd.org> <d9a388ec-4e29-1423-e168-3d05c310e099@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--00000000000055af1205f456c0c7 Content-Type: text/plain; charset="UTF-8" To test decryption in dry mode (can be used on the decrypted device): echo -n | geli attach -C -p -k - dev If it succeeds you want to re-encrypt your devices. On Fri, 10 Feb 2023 at 02:48, Mel Pilgrim <list_freebsd@bluerosetech.com> wrote: > On 2023-02-08 11:08, FreeBSD Security Advisories wrote: > > > ============================================================================= > > FreeBSD-SA-23:01.geli Security > Advisory > > The FreeBSD > Project > > > > Topic: GELI silently omits the keyfile if read from stdin > > How do I test my existing devices to see if the master key needs to be > encrypted? > > Does the solution change if the keyfiles don't require passwords? I use > GELI keyfiles without passwords for unattended reboots. > > --00000000000055af1205f456c0c7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">To test decryption in dry mode (can be used on the decrypt= ed device):<br>echo -n | geli attach -C -p -k - dev<br><br>If it succeeds y= ou want to re-encrypt your devices.</div><br><div class=3D"gmail_quote"><di= v dir=3D"ltr" class=3D"gmail_attr">On Fri, 10 Feb 2023 at 02:48, Mel Pilgri= m <<a href=3D"mailto:list_freebsd@bluerosetech.com" target=3D"_blank">li= st_freebsd@bluerosetech.com</a>> wrote:<br></div><blockquote class=3D"gm= ail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,= 204,204);padding-left:1ex">On 2023-02-08 11:08, FreeBSD Security Advisories= wrote:<br> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D<br> > FreeBSD-SA-23:01.geli=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0Security Advisory<br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 The Free= BSD Project<br> > <br> > Topic:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 GELI silently omits the keyfi= le if read from stdin<br> <br> How do I test my existing devices to see if the master key needs to be <br> encrypted?<br> <br> Does the solution change if the keyfiles don't require passwords?=C2=A0= I use <br> GELI keyfiles without passwords for unattended reboots.<br> <br> </blockquote></div> --00000000000055af1205f456c0c7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGOYWV_26qGLPO%2BZNL6N8p57JhguU=heYQ3ejQqqvFJzYXwv-A>