Date:      Mon, 19 Aug 2019 03:55:09 +0200
From:      Marco Steinbach <coco@executive-computing.de>
To:        freebsd-geom@freebsd.org
Subject:   Re: 11.3: GELI attach: Wrong key despite correct passphrase
Message-ID:  <20190819035509.00007d37@executive-computing.de>
In-Reply-To: <CAOc73CBmEum2V4M7jFLZ5B4iTnAP=fpg5ozmzGPYcyzhr0PBLg@mail.gmail.com>
References:  <20190818154602.00003fa8@executive-computing.de> <96f3e2f5-ab4c-19c9-2f68-e42bb0e8aab4@cyberleo.net> <20190818210531.00006ffa@executive-computing.de> <CAOc73CBmEum2V4M7jFLZ5B4iTnAP=fpg5ozmzGPYcyzhr0PBLg@mail.gmail.com>


On Mon, 19 Aug 2019 06:27:34 +0800
Ben Woods <woodsb02@gmail.com> wrote:

> On Mon, 19 Aug 2019 at 3:05 am, Marco Steinbach
> <coco@executive-computing.de> wrote:
> 
> > On Sun, 18 Aug 2019 10:20:51 -0500
> > CyberLeo Kitsana <cyberleo@cyberleo.net> wrote:
> >  
> > > On 8/18/19 8:46 AM, Marco Steinbach wrote:  
> > > > Hi.
> > > >
> > > > I have two bootable SSDs, both installed using a GELI encrypted
> > > > root on ZFS.  
> > >
> > > <snip>
> > >  
> > > > I've then imported the bootpool from da0, and mounted it, so I
> > > > can try using the key in boot/
> > > >
> > > > > root@bsdbuch:~ # geli attach -k /bootpool/boot/ada0p5.eli /dev/da0p5
> > > > > Enter passphrase:
> > > > > geli: Wrong key for da0p5.
> > >
> > > Did you intend on combining both a keyfile AND a passphrase here?
> > > If not, include the -p option to instruct geli to avoid asking
> > > for a passphrase to mix in.
> > >
> > > It might also help to include the output of 'geli dump' for both
> > > of the affected providers. You can obscure the 'Salt' and 'Master
> > > Key' portions if you so desire.
> > >  
> >
> > I think there's a misunderstanding.
> >
> > I merely want to attach the GELI created by the 11.1 installer to a
> > newly installed 11.3 system.
> >
> > MfG CoCo  
> 
> 
> Indeed, but what secrets do you need to provide to decrypt the geli
> providers (passphrase, passfile, keyfile)? The command above will use
> both a keyfile and prompt for a passphrase - was this your intention?
> 
> The “attach” section of this manpage has more details if required:
> 
> https://man.freebsd.org/geli
> 

What secrets do I need to provide, if I installed a root on ZFS on top
of GELI using the FreeBSD installer (no manual intervention, really
just what the installer offered) on the 11.1-RELEASE memstick,
if I want to attach that provider to an 11.3-RELEASE system?

As I wrote, I have two SSDs both installed using the FreeBSD installer
using root on ZFS on top of GELI. One was installed using the
11.1-RELEASE memstick, the other was installed using the 11.3-RELEASE
memstick.

I can attach the 11.3-RELEASE from the 11.1-RELEASE (just doing 'geli
attach /dev/da0p5'), but not vice versa. Both use the same passphrase,
and both boot using this same passphrase.

Since GELI on the 11.3-RELEASE system told me 'geli: wrong key for
da0p5' when trying to attach the 11.1-RELEASE GELI provider, I tried
using the keyfile generated by the 11.1-RELEASE installer in
conjunction with the passphrase. That also failed.


MfG CoCo


