- Give algorithm recommendations.

- Keep options in alphabetical order.
Pawel Jakub Dawidek 2008-08-29 17:13:07 +00:00
parent a25cb00747
commit 785c7ba6a1
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=182451

@ -224,6 +224,15 @@ Currently supported algorithms are:
and
.Nm HMAC/SHA512 .
If the option is not given, there will be no authentication, only encryption.
The recommended algorithm is
.Nm HMAC/SHA256 .
.It Fl b
Ask for the passphrase on boot, before the root partition is mounted.
This makes it possible to use an encrypted root partition.
One will still need bootable unencrypted storage with a
.Pa /boot/
directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
after boot.
.It Fl e Ar ealgo
Encryption algorithm to use.
Currently supported algorithms are:
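Review bot: The added sentence "The recommended algorithm is HMAC/SHA256" in the -a entry gives no reason for the choice, and it follows directly after "If the option is not given, there will be no authentication, only encryption." Suggest adding a short rationale and tying the two sentences together, so it is clear that the recommendation only takes effect when -a is actually passed and that the default remains encryption without data authentication.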
@ -232,15 +241,8 @@ Currently supported algorithms are:
.Nm Camellia
and
.Nm 3DES .
The default is
The default and recommended algorithm is
.Nm AES .
.It Fl b
Ask for the passphrase on boot, before the root partition is mounted.
This makes it possible to use an encrypted root partition.
One will still need bootable unencrypted storage with a
.Pa /boot/
directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
after boot.
.It Fl i Ar iterations
Number of iterations to use with PKCS#5v2.
If this option is not specified,
@ -267,13 +269,13 @@ If not given, the default key length for the given algorithm is used, which is:
.Nm Camellia
and 192 for
.Nm 3DES .
.It Fl P
Do not use passphrase as the key component.
.It Fl s Ar sectorsize
Change decrypted provider's sector size.
Increasing sector size allows to increase performance, because we need to
generate an IV and do encrypt/decrypt for every single sector - less number
of sectors means less work to do.
.It Fl P
Do not use passphrase as the key component.
.El
.It Cm attach
Attach the given provider.
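Review bot: Style point on the -s entry that this hunk reorders around: "Increasing sector size allows to increase performance" and "less number of sectors means less work to do" are ungrammatical. Since the neighbouring lines are being moved anyway, suggest rewording to something like "Increasing the sector size improves performance" and "fewer sectors means less work".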
@ -296,9 +298,6 @@ Probably a better choice is the
option for the
.Cm detach
subcommand.
.It Fl r
Attach read-only provider.
It will not be opened for writing.
.It Fl k Ar keyfile
Specifies a file which contains part of the key.
For more information see the description of the
@ -308,6 +307,9 @@ option for the
subcommand.
.It Fl p
Do not use passphrase as the key component.
.It Fl r
Attach read-only provider.
It will not be opened for writing.
.El
.It Cm detach
Detach the given providers, which means remove the devfs entry
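Review bot: With the attach options sorted, lowercase -p ("Do not use passphrase as the key component") now sits just above -r, while the identical description belongs to uppercase -P in the init list earlier in this patch. The case difference between the two subcommands is easy to miss when reading the sorted lists; consider a one-line cross-reference in either entry noting that init takes -P and attach takes -p.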