- Give algorithms recommendation.
- Keep options in alphabetical order.
This commit is contained in:
parent
a25cb00747
commit
785c7ba6a1
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=182451
@ -224,6 +224,15 @@ Currently supported algorithms are:
|
|||||||
and
|
and
|
||||||
.Nm HMAC/SHA512 .
|
.Nm HMAC/SHA512 .
|
||||||
If the option is not given, there will be no authentication, only encryption.
|
If the option is not given, there will be no authentication, only encryption.
|
||||||
|
The recommended algorithm is
|
||||||
|
.Nm HMAC/SHA256 .
|
||||||
|
.It Fl b
|
||||||
|
Ask for the passphrase on boot, before the root partition is mounted.
|
||||||
|
This makes it possible to use an encrypted root partition.
|
||||||
|
One will still need bootable unencrypted storage with a
|
||||||
|
.Pa /boot/
|
||||||
|
directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
|
||||||
|
after boot.
|
||||||
.It Fl e Ar ealgo
|
.It Fl e Ar ealgo
|
||||||
Encryption algorithm to use.
|
Encryption algorithm to use.
|
||||||
Currently supported algorithms are:
|
Currently supported algorithms are:
|
||||||
@ -232,15 +241,8 @@ Currently supported algorithms are:
|
|||||||
.Nm Camellia
|
.Nm Camellia
|
||||||
and
|
and
|
||||||
.Nm 3DES .
|
.Nm 3DES .
|
||||||
The default is
|
The default and recommended algorithm is
|
||||||
.Nm AES .
|
.Nm AES .
|
||||||
.It Fl b
|
|
||||||
Ask for the passphrase on boot, before the root partition is mounted.
|
|
||||||
This makes it possible to use an encrypted root partition.
|
|
||||||
One will still need bootable unencrypted storage with a
|
|
||||||
.Pa /boot/
|
|
||||||
directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
|
|
||||||
after boot.
|
|
||||||
.It Fl i Ar iterations
|
.It Fl i Ar iterations
|
||||||
Number of iterations to use with PKCS#5v2.
|
Number of iterations to use with PKCS#5v2.
|
||||||
If this option is not specified,
|
If this option is not specified,
|
||||||
@ -267,13 +269,13 @@ If not given, the default key length for the given algorithm is used, which is:
|
|||||||
.Nm Camellia
|
.Nm Camellia
|
||||||
and 192 for
|
and 192 for
|
||||||
.Nm 3DES .
|
.Nm 3DES .
|
||||||
|
.It Fl P
|
||||||
|
Do not use passphrase as the key component.
|
||||||
.It Fl s Ar sectorsize
|
.It Fl s Ar sectorsize
|
||||||
Change decrypted provider's sector size.
|
Change decrypted provider's sector size.
|
||||||
Increasing sector size allows to increase performance, because we need to
|
Increasing sector size allows to increase performance, because we need to
|
||||||
generate an IV and do encrypt/decrypt for every single sector - less number
|
generate an IV and do encrypt/decrypt for every single sector - less number
|
||||||
of sectors means less work to do.
|
of sectors means less work to do.
|
||||||
.It Fl P
|
|
||||||
Do not use passphrase as the key component.
|
|
||||||
.El
|
.El
|
||||||
.It Cm attach
|
.It Cm attach
|
||||||
Attach the given provider.
|
Attach the given provider.
|
||||||
@ -296,9 +298,6 @@ Probably a better choice is the
|
|||||||
option for the
|
option for the
|
||||||
.Cm detach
|
.Cm detach
|
||||||
subcommand.
|
subcommand.
|
||||||
.It Fl r
|
|
||||||
Attach read-only provider.
|
|
||||||
It will not be opened for writing.
|
|
||||||
.It Fl k Ar keyfile
|
.It Fl k Ar keyfile
|
||||||
Specifies a file which contains part of the key.
|
Specifies a file which contains part of the key.
|
||||||
For more information see the description of the
|
For more information see the description of the
|
||||||
@ -308,6 +307,9 @@ option for the
|
|||||||
subcommand.
|
subcommand.
|
||||||
.It Fl p
|
.It Fl p
|
||||||
Do not use passphrase as the key component.
|
Do not use passphrase as the key component.
|
||||||
|
.It Fl r
|
||||||
|
Attach read-only provider.
|
||||||
|
It will not be opened for writing.
|
||||||
.El
|
.El
|
||||||
.It Cm detach
|
.It Cm detach
|
||||||
Detach the given providers, which means remove the devfs entry
|
Detach the given providers, which means remove the devfs entry
|
||||||
|
Loading…
Reference in New Issue
Block a user