d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Give algorithms recommendation.

Browse Source 
- Keep options in alphabetical order.
This commit is contained in:
Pawel Jakub Dawidek 2008-08-29 17:13:07 +00:00
parent a25cb00747
commit 785c7ba6a1
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=182451
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
sbin/geom/class/eli/geli.8
View File

@ -224,6 +224,15 @@ Currently supported algorithms are:
and and
.Nm HMAC/SHA512 . .Nm HMAC/SHA512 .
If the option is not given, there will be no authentication, only encryption. If the option is not given, there will be no authentication, only encryption.
The recommended algorithm is
.Nm HMAC/SHA256 .
.It Fl b
Ask for the passphrase on boot, before the root partition is mounted.
This makes it possible to use an encrypted root partition.
One will still need bootable unencrypted storage with a
.Pa /boot/
directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
after boot.
.It Fl e Ar ealgo .It Fl e Ar ealgo
Encryption algorithm to use. Encryption algorithm to use.
Currently supported algorithms are: Currently supported algorithms are:
@ -232,15 +241,8 @@ Currently supported algorithms are:
.Nm Camellia .Nm Camellia
and and
.Nm 3DES . .Nm 3DES .
The default is The default and recommended algorithm is
.Nm AES . .Nm AES .
.It Fl b
Ask for the passphrase on boot, before the root partition is mounted.
This makes it possible to use an encrypted root partition.
One will still need bootable unencrypted storage with a
.Pa /boot/
directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
after boot.
.It Fl i Ar iterations .It Fl i Ar iterations
Number of iterations to use with PKCS#5v2. Number of iterations to use with PKCS#5v2.
If this option is not specified, If this option is not specified,
@ -267,13 +269,13 @@ If not given, the default key length for the given algorithm is used, which is:
.Nm Camellia .Nm Camellia
and 192 for and 192 for
.Nm 3DES . .Nm 3DES .
.It Fl P
Do not use passphrase as the key component.
.It Fl s Ar sectorsize .It Fl s Ar sectorsize
Change decrypted provider's sector size. Change decrypted provider's sector size.
Increasing sector size allows to increase performance, because we need to Increasing sector size allows to increase performance, because we need to
generate an IV and do encrypt/decrypt for every single sector - less number generate an IV and do encrypt/decrypt for every single sector - less number
of sectors means less work to do. of sectors means less work to do.
.It Fl P
Do not use passphrase as the key component.
.El .El
.It Cm attach .It Cm attach
Attach the given provider. Attach the given provider.
@ -296,9 +298,6 @@ Probably a better choice is the
option for the option for the
.Cm detach .Cm detach
subcommand. subcommand.
.It Fl r
Attach read-only provider.
It will not be opened for writing.
.It Fl k Ar keyfile .It Fl k Ar keyfile
Specifies a file which contains part of the key. Specifies a file which contains part of the key.
For more information see the description of the For more information see the description of the
@ -308,6 +307,9 @@ option for the
subcommand. subcommand.
.It Fl p .It Fl p
Do not use passphrase as the key component. Do not use passphrase as the key component.
.It Fl r
Attach read-only provider.
It will not be opened for writing.
.El .El
.It Cm detach .It Cm detach
Detach the given providers, which means remove the devfs entry Detach the given providers, which means remove the devfs entry