9afb74d049
PR: kern/113790 Submitted by: Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp> Approved by: re (bmah)
665 lines
19 KiB
Groff
665 lines
19 KiB
Groff
.\" Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd September 16, 2006
|
|
.Dt GELI 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm geli
|
|
.Nd "control utility for cryptographic GEOM class"
|
|
.Sh SYNOPSIS
|
|
To compile GEOM_ELI into your kernel, place the following lines in your kernel
|
|
configuration file:
|
|
.Bd -ragged -offset indent
|
|
.Cd "device crypto"
|
|
.Cd "options GEOM_ELI"
|
|
.Ed
|
|
.Pp
|
|
Alternately, to load the GEOM_ELI module at boot time, place the following line
|
|
in your
|
|
.Xr loader.conf 5 :
|
|
.Bd -literal -offset indent
|
|
geom_eli_load="YES"
|
|
.Ed
|
|
.Pp
|
|
Usage of the
|
|
.Xr geli 8
|
|
utility:
|
|
.Pp
|
|
.Nm
|
|
.Cm init
|
|
.Op Fl bPv
|
|
.Op Fl a Ar aalgo
|
|
.Op Fl e Ar ealgo
|
|
.Op Fl i Ar iterations
|
|
.Op Fl K Ar newkeyfile
|
|
.Op Fl l Ar keylen
|
|
.Op Fl s Ar sectorsize
|
|
.Ar prov
|
|
.Nm
|
|
.Cm label - an alias for
|
|
.Cm init
|
|
.Nm
|
|
.Cm attach
|
|
.Op Fl dprv
|
|
.Op Fl k Ar keyfile
|
|
.Ar prov
|
|
.Nm
|
|
.Cm detach
|
|
.Op Fl fl
|
|
.Ar prov ...
|
|
.Nm
|
|
.Cm stop - an alias for
|
|
.Cm detach
|
|
.Nm
|
|
.Cm onetime
|
|
.Op Fl d
|
|
.Op Fl a Ar aalgo
|
|
.Op Fl e Ar ealgo
|
|
.Op Fl l Ar keylen
|
|
.Op Fl s Ar sectorsize
|
|
.Ar prov ...
|
|
.Nm
|
|
.Cm configure
|
|
.Op Fl bB
|
|
.Ar prov ...
|
|
.Nm
|
|
.Cm setkey
|
|
.Op Fl pPv
|
|
.Op Fl i Ar iterations
|
|
.Op Fl k Ar keyfile
|
|
.Op Fl K Ar newkeyfile
|
|
.Op Fl n Ar keyno
|
|
.Ar prov
|
|
.Nm
|
|
.Cm delkey
|
|
.Op Fl afv
|
|
.Op Fl n Ar keyno
|
|
.Ar prov
|
|
.Nm
|
|
.Cm kill
|
|
.Op Fl av
|
|
.Op Ar prov ...
|
|
.Nm
|
|
.Cm backup
|
|
.Op Fl v
|
|
.Ar prov
|
|
.Ar file
|
|
.Nm
|
|
.Cm restore
|
|
.Op Fl v
|
|
.Ar file
|
|
.Ar prov
|
|
.Nm
|
|
.Cm clear
|
|
.Op Fl v
|
|
.Ar prov ...
|
|
.Nm
|
|
.Cm dump
|
|
.Op Fl v
|
|
.Ar prov ...
|
|
.Nm
|
|
.Cm list
|
|
.Nm
|
|
.Cm status
|
|
.Nm
|
|
.Cm load
|
|
.Nm
|
|
.Cm unload
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
utility is used to configure encryption on GEOM providers.
|
|
.Pp
|
|
The following is a list of the most important features:
|
|
.Pp
|
|
.Bl -bullet -offset indent -compact
|
|
.It
|
|
Utilizes the
|
|
.Xr crypto 9
|
|
framework, so when there is crypto hardware available,
|
|
.Nm
|
|
will make use of it automatically.
|
|
.It
|
|
Supports many cryptographic algorithms (currently
|
|
.Nm AES ,
|
|
.Nm Blowfish ,
|
|
.Nm Camellia
|
|
and
|
|
.Nm 3DES ) .
|
|
.It
|
|
Can optionally perform data authentication (integrity verification) utilizing
|
|
one of the following algorithms:
|
|
.Nm HMAC/MD5 ,
|
|
.Nm HMAC/SHA1 ,
|
|
.Nm HMAC/RIPEMD160 ,
|
|
.Nm HMAC/SHA256 ,
|
|
.Nm HMAC/SHA384
|
|
or
|
|
.Nm HMAC/SHA512 .
|
|
.It
|
|
Can create a key from a couple of components (user entered passphrase, random
|
|
bits from a file, etc.).
|
|
.It
|
|
Allows to encrypt the root partition - the user will be asked for the
|
|
passphrase before the root file system is mounted.
|
|
.It
|
|
The passphrase of the user is strengthened with:
|
|
.Rs
|
|
.%A B. Kaliski
|
|
.%T "PKCS #5: Password-Based Cryptography Specification, Version 2.0."
|
|
.%R RFC
|
|
.%N 2898
|
|
.Re
|
|
.It
|
|
Allows to use two independent keys (e.g.
|
|
.Qq "user key"
|
|
and
|
|
.Qq "company key" ) .
|
|
.It
|
|
It is fast -
|
|
.Nm
|
|
performs simple sector-to-sector encryption.
|
|
.It
|
|
Allows to backup/restore Master Keys, so when a user has to quickly
|
|
destroy his keys,
|
|
it is possible to get the data back by restoring keys from the backup.
|
|
.It
|
|
Providers can be configured to automatically detach on last close
|
|
(so users do not have to remember to detach providers after unmounting
|
|
the file systems).
|
|
.It
|
|
Allows to attach a provider with a random, one-time key - useful for swap
|
|
partitions and temporary file systems.
|
|
.It
|
|
Allows to verify data integrity (data authentication).
|
|
.El
|
|
.Pp
|
|
The first argument to
|
|
.Nm
|
|
indicates an action to be performed:
|
|
.Bl -tag -width ".Cm configure"
|
|
.It Cm init
|
|
Initialize provider which needs to be encrypted.
|
|
Here you can set up the cryptographic algorithm to use, key length, etc.
|
|
The last provider's sector is used to store metadata.
|
|
.Pp
|
|
Additional options include:
|
|
.Bl -tag -width ".Fl a Ar aalgo"
|
|
.It Fl a Ar aalgo
|
|
Enable data integrity verification (authentication) using the given algorithm.
|
|
This will reduce size of available storage and also reduce speed.
|
|
For example, when using 4096 bytes sector and
|
|
.Nm HMAC/SHA256
|
|
algorithm, 89% of the original provider storage will be available for use.
|
|
Currently supported algorithms are:
|
|
.Nm HMAC/MD5 ,
|
|
.Nm HMAC/SHA1 ,
|
|
.Nm HMAC/RIPEMD160 ,
|
|
.Nm HMAC/SHA256 ,
|
|
.Nm HMAC/SHA384
|
|
and
|
|
.Nm HMAC/SHA512 .
|
|
If the option is not given, there will be no authentication, only encryption.
|
|
.It Fl e Ar ealgo
|
|
Encryption algorithm to use.
|
|
Currently supported algorithms are:
|
|
.Nm AES ,
|
|
.Nm Blowfish ,
|
|
.Nm Camellia
|
|
and
|
|
.Nm 3DES .
|
|
The default is
|
|
.Nm AES .
|
|
.It Fl b
|
|
Ask for the passphrase on boot, before the root partition is mounted.
|
|
This makes it possible to use an encrypted root partition.
|
|
One will still need bootable unencrypted storage with a
|
|
.Pa /boot/
|
|
directory, which can be a CD-ROM disc or USB pen-drive, that can be removed
|
|
after boot.
|
|
.It Fl i Ar iterations
|
|
Number of iterations to use with PKCS#5v2.
|
|
If this option is not specified,
|
|
.Nm
|
|
will find the number of iterations which is equal to 2 seconds of crypto work.
|
|
If 0 is given, PKCS#5v2 will not be used.
|
|
.It Fl K Ar newkeyfile
|
|
Specifies a file which contains part of the key.
|
|
If
|
|
.Ar newkeyfile
|
|
is given as -, standard input will be used.
|
|
Here is how more than one file with a key component can be used:
|
|
.Bd -literal -offset indent
|
|
# cat key1 key2 key3 | geli init -K - /dev/da0
|
|
.Ed
|
|
.It Fl l Ar keylen
|
|
Key length to use with the given cryptographic algorithm.
|
|
If not given, the default key length for the given algorithm is used, which is:
|
|
128 for
|
|
.Nm AES ,
|
|
128 for
|
|
.Nm Blowfish ,
|
|
128 for
|
|
.Nm Camellia
|
|
and 192 for
|
|
.Nm 3DES .
|
|
.It Fl s Ar sectorsize
|
|
Change decrypted provider's sector size.
|
|
Increasing sector size allows to increase performance, because we need to
|
|
generate an IV and do encrypt/decrypt for every single sector - less number
|
|
of sectors means less work to do.
|
|
.It Fl P
|
|
Do not use passphrase as the key component.
|
|
.El
|
|
.It Cm attach
|
|
Attach the given provider.
|
|
The master key will be decrypted using the given
|
|
passphrase/keyfile and a new GEOM provider will be created using the given
|
|
provider's name with an
|
|
.Qq .eli
|
|
suffix.
|
|
.Pp
|
|
Additional options include:
|
|
.Bl -tag -width ".Fl a Ar algo"
|
|
.It Fl d
|
|
If specified, a decrypted provider will be detached automatically on last close.
|
|
This can help with short memory - user does not have to remember to detach the
|
|
provider after unmounting the file system.
|
|
It only works when the provider was opened for writing, so it will not work if
|
|
the file system on the provider is mounted read-only.
|
|
Probably a better choice is the
|
|
.Fl l
|
|
option for the
|
|
.Cm detach
|
|
subcommand.
|
|
.It Fl r
|
|
Attach read-only provider.
|
|
It will not be opened for writing.
|
|
.It Fl k Ar keyfile
|
|
Specifies a file which contains part of the key.
|
|
For more information see the description of the
|
|
.Fl K
|
|
option for the
|
|
.Cm init
|
|
subcommand.
|
|
.It Fl p
|
|
Do not use passphrase as the key component.
|
|
.El
|
|
.It Cm detach
|
|
Detach the given providers, which means remove the devfs entry
|
|
and clear the keys from memory.
|
|
.Pp
|
|
Additional options include:
|
|
.Bl -tag -width ".Fl a Ar algo"
|
|
.It Fl f
|
|
Force detach - detach even if the provider is open.
|
|
.It Fl l
|
|
Mark provider to detach on last close.
|
|
If this option is specified, the provider will not be detached
|
|
until it is open, but when it will be closed last time, it will
|
|
be automatically detached (even
|
|
if it was only opened for reading).
|
|
.El
|
|
.It Cm onetime
|
|
Attach the given providers with random, one-time keys.
|
|
The command can be used to encrypt swap partitions or temporary file systems.
|
|
.Pp
|
|
Additional options include:
|
|
.Bl -tag -width ".Fl a Ar aalgo"
|
|
.It Fl a Ar aalgo
|
|
Enable data integrity verification (authentication).
|
|
For more information, see the description of the
|
|
.Cm init
|
|
subcommand.
|
|
.It Fl e Ar ealgo
|
|
Encryption algorithm to use.
|
|
For more information, see the description of the
|
|
.Cm init
|
|
subcommand.
|
|
.It Fl d
|
|
Detach on last close.
|
|
Note, the option is not usable for temporary file systems as the provider will
|
|
be detached after creating the file system on it.
|
|
It still can (and should be) used for swap partitions.
|
|
For more information, see the description of the
|
|
.Cm attach
|
|
subcommand.
|
|
.It Fl l Ar keylen
|
|
Key length to use with the given cryptographic algorithm.
|
|
For more information, see the description of the
|
|
.Cm init
|
|
subcommand.
|
|
.It Fl s Ar sectorsize
|
|
Change decrypted provider's sector size.
|
|
For more information, see the description of the
|
|
.Cm init
|
|
subcommand.
|
|
.El
|
|
.It Cm configure
|
|
Change configuration of the given providers.
|
|
.Pp
|
|
Additional options include:
|
|
.Bl -tag -width ".Fl b"
|
|
.It Fl b
|
|
Set the BOOT flag on the given providers.
|
|
For more information, see the description of the
|
|
.Cm init
|
|
subcommand.
|
|
.It Fl B
|
|
Remove the BOOT flag from the given providers.
|
|
.El
|
|
.It Cm setkey
|
|
Change or setup (if not yet initialized) selected key.
|
|
There is one master key, which can be encrypted with two independent user keys.
|
|
With the
|
|
.Cm init
|
|
subcommand, only key number 0 is initialized.
|
|
The key can always be changed: for an attached provider,
|
|
for a detached provider or on the backup file.
|
|
When a provider is attached, the user does not have to provide
|
|
an old passphrase/keyfile.
|
|
.Pp
|
|
Additional options include:
|
|
.Bl -tag -width ".Fl a Ar algo"
|
|
.It Fl i Ar iterations
|
|
Number of iterations to use with PKCS#5v2.
|
|
If 0 is given, PKCS#5v2 will not be used.
|
|
To be able to use this option with
|
|
.Cm setkey
|
|
subcommand, only one key have to be defined and this key has to be changed.
|
|
.It Fl k Ar keyfile
|
|
Specifies a file which contains part of the old key.
|
|
.It Fl K Ar newkeyfile
|
|
Specifies a file which contains part of the new key.
|
|
.It Fl n Ar keyno
|
|
Specifies the number of the key to change (could be 0 or 1).
|
|
If the provider is attached and no key number is given, the key
|
|
used for attaching the provider will be changed.
|
|
If the provider is detached (or we are operating on a backup file)
|
|
and no key number is given, the key decrypted with the passphrase/keyfile
|
|
will be changed.
|
|
.It Fl p
|
|
Do not use passphrase as the old key component.
|
|
.It Fl P
|
|
Do not use passphrase as the new key component.
|
|
.El
|
|
.It Cm delkey
|
|
Destroy (overwrite with random data) the selected key.
|
|
If one is destroying keys for an attached provider, the provider
|
|
will not be detached even if all keys will be destroyed.
|
|
It can be even rescued with the
|
|
.Cm setkey
|
|
subcommand.
|
|
.Bl -tag -width ".Fl a Ar algo"
|
|
.It Fl a
|
|
Destroy all keys (does not need
|
|
.Fl f
|
|
option).
|
|
.It Fl f
|
|
Force key destruction.
|
|
This option is needed to destroy the last key.
|
|
.It Fl n Ar keyno
|
|
Specifies the key number.
|
|
If the provider is attached and no key number is given, the key
|
|
used for attaching the provider will be destroyed.
|
|
If provider is detached (or we are operating on a backup file) the key number
|
|
has to be given.
|
|
.El
|
|
.It Cm kill
|
|
This command should be used in emergency situations.
|
|
It will destroy all keys on the given provider and will detach it forcibly
|
|
(if it is attached).
|
|
This is absolutely a one-way command - if you do not have a metadata
|
|
backup, your data is gone for good.
|
|
In case the provider was attached with the
|
|
.Fl r
|
|
flag, the keys will not be destroyed, only the provider will be detached.
|
|
.Bl -tag -width ".Fl a Ar algo"
|
|
.It Fl a
|
|
If specified, all currently attached providers will be killed.
|
|
.El
|
|
.It Cm backup
|
|
Backup metadata from the given provider to the given file.
|
|
.It Cm restore
|
|
Restore metadata from the given file to the given provider.
|
|
.It Cm clear
|
|
Clear metadata from the given providers.
|
|
.It Cm dump
|
|
Dump metadata stored on the given providers.
|
|
.It Cm list
|
|
See
|
|
.Xr geom 8 .
|
|
.It Cm status
|
|
See
|
|
.Xr geom 8 .
|
|
.It Cm load
|
|
See
|
|
.Xr geom 8 .
|
|
.It Cm unload
|
|
See
|
|
.Xr geom 8 .
|
|
.El
|
|
.Pp
|
|
Additional options include:
|
|
.Bl -tag -width ".Fl v"
|
|
.It Fl v
|
|
Be more verbose.
|
|
.El
|
|
.Sh SYSCTL VARIABLES
|
|
The following
|
|
.Xr sysctl 8
|
|
variables can be used to control the behavior of the
|
|
.Nm ELI
|
|
GEOM class.
|
|
The default value is shown next to each variable.
|
|
All variables can also be set in
|
|
.Pa /boot/loader.conf .
|
|
.Bl -tag -width indent
|
|
.It Va kern.geom.eli.debug : No 0
|
|
Debug level of the
|
|
.Nm ELI
|
|
GEOM class.
|
|
This can be set to a number between 0 and 3 inclusive.
|
|
If set to 0, minimal debug information is printed.
|
|
If set to 3, the
|
|
maximum amount of debug information is printed.
|
|
.It Va kern.geom.eli.tries : No 3
|
|
Number of times a user is asked for the passphrase.
|
|
This is only used for providers which should be attached on boot
|
|
(before the root file system is mounted).
|
|
If set to 0, attaching providers on boot will be disabled.
|
|
This variable should be set in
|
|
.Pa /boot/loader.conf .
|
|
.It Va kern.geom.eli.overwrites : No 5
|
|
Specifies how many times the Master-Key will be overwritten
|
|
with random values when it is destroyed.
|
|
After this operation it is filled with zeros.
|
|
.It Va kern.geom.eli.visible_passphrase : No 0
|
|
If set to 1, the passphrase entered on boot (before the root
|
|
file system is mounted) will be visible.
|
|
This possibility should be used with caution as the entered
|
|
passphrase can be logged and exposed via
|
|
.Xr dmesg 8 .
|
|
This variable should be set in
|
|
.Pa /boot/loader.conf .
|
|
.It Va kern.geom.eli.threads : No 0
|
|
Specifies how many kernel threads should be used for doing software
|
|
cryptography.
|
|
Its purpose is to increase performance on SMP systems.
|
|
If hardware acceleration is available, only one thread will be started.
|
|
If set to 0, CPU-bound thread will be started for every active CPU.
|
|
.It Va kern.geom.eli.batch : No 0
|
|
When set to 1, can speed-up crypto operations by using batching.
|
|
Batching allows to reduce number of interrupts by responding on a group of
|
|
crypto requests with one interrupt.
|
|
The crypto card and the driver has to support this feature.
|
|
.El
|
|
.Sh EXIT STATUS
|
|
Exit status is 0 on success, and 1 if the command fails.
|
|
.Sh EXAMPLES
|
|
Initialize a provider which is going to be encrypted with a
|
|
passphrase and random data from a file on the user's pen drive.
|
|
Use 4kB sector size.
|
|
Attach the provider, create a file system and mount it.
|
|
Do the work.
|
|
Unmount the provider and detach it:
|
|
.Bd -literal -offset indent
|
|
# dd if=/dev/random of=/mnt/pendrive/da2.key bs=64 count=1
|
|
# geli init -s 4096 -K /mnt/pendrive/da2.key /dev/da2
|
|
Enter new passphrase:
|
|
Reenter new passphrase:
|
|
# geli attach -k /mnt/pendrive/da2.key /dev/da2
|
|
Enter passphrase:
|
|
# dd if=/dev/random of=/dev/da2.eli bs=1m
|
|
# newfs /dev/da2.eli
|
|
# mount /dev/da2.eli /mnt/secret
|
|
\&...
|
|
# umount /mnt/secret
|
|
# geli detach da2.eli
|
|
.Ed
|
|
.Pp
|
|
Create an encrypted provider, but use two keys:
|
|
one for your girlfriend and one for
|
|
you (so there will be no tragedy if she forgets her passphrase):
|
|
.Bd -literal -offset indent
|
|
# geli init /dev/da2
|
|
Enter new passphrase: (enter your passphrase)
|
|
Reenter new passphrase:
|
|
# geli setkey -n 1 /dev/da2
|
|
Enter passphrase: (enter your passphrase)
|
|
Enter new passphrase: (let your girlfriend enter her passphrase ...)
|
|
Reenter new passphrase: (... twice)
|
|
.Ed
|
|
.Pp
|
|
You are the security-person in your company.
|
|
Create an encrypted provider for use by the user, but remember that users
|
|
forget their passphrases, so back Master Key up with your own random key:
|
|
.Bd -literal -offset indent
|
|
# dd if=/dev/random of=/mnt/pendrive/keys/`hostname` bs=64 count=1
|
|
# geli init -P -K /mnt/pendrive/keys/`hostname` /dev/ad0s1e
|
|
# geli backup /dev/ad0s1e /mnt/pendrive/backups/`hostname`
|
|
(use key number 0, so the encrypted Master Key by you will be overwritten)
|
|
# geli setkey -n 0 -k /mnt/pendrive/keys/`hostname` /dev/ad0s1e
|
|
(allow the user to enter his passphrase)
|
|
Enter new passphrase:
|
|
Reenter new passphrase:
|
|
.Ed
|
|
.Pp
|
|
Encrypted swap partition setup:
|
|
.Bd -literal -offset indent
|
|
# dd if=/dev/random of=/dev/ad0s1b bs=1m
|
|
# geli onetime -d -e 3des ad0s1b
|
|
# swapon /dev/ad0s1b.eli
|
|
.Ed
|
|
.Pp
|
|
The example below shows how to configure two providers which will be attached
|
|
on boot (before the root file system is mounted).
|
|
One of them is using passphrase and three keyfiles and the other is using only a
|
|
keyfile:
|
|
.Bd -literal -offset indent
|
|
# dd if=/dev/random of=/dev/da0 bs=1m
|
|
# dd if=/dev/random of=/boot/keys/da0.key0 bs=32k count=1
|
|
# dd if=/dev/random of=/boot/keys/da0.key1 bs=32k count=1
|
|
# dd if=/dev/random of=/boot/keys/da0.key2 bs=32k count=1
|
|
# cat /boot/keys/da0.key0 /boot/keys/da0.key1 /boot/keys/da0.key2 | geli init -b -K - da0
|
|
Enter new passphrase:
|
|
Reenter new passphrase:
|
|
# dd if=/dev/random of=/dev/da1s3a bs=1m
|
|
# dd if=/dev/random of=/boot/keys/da1s3a.key bs=128k count=1
|
|
# geli init -b -P -K /boot/keys/da1s3a.key da1s3a
|
|
.Ed
|
|
.Pp
|
|
The providers are initialized, now we have to add those lines to
|
|
.Pa /boot/loader.conf :
|
|
.Bd -literal -offset indent
|
|
geli_da0_keyfile0_load="YES"
|
|
geli_da0_keyfile0_type="da0:geli_keyfile0"
|
|
geli_da0_keyfile0_name="/boot/keys/da0.key0"
|
|
geli_da0_keyfile1_load="YES"
|
|
geli_da0_keyfile1_type="da0:geli_keyfile1"
|
|
geli_da0_keyfile1_name="/boot/keys/da0.key1"
|
|
geli_da0_keyfile2_load="YES"
|
|
geli_da0_keyfile2_type="da0:geli_keyfile2"
|
|
geli_da0_keyfile2_name="/boot/keys/da0.key2"
|
|
|
|
geli_da1s3a_keyfile0_load="YES"
|
|
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
|
|
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
|
|
.Ed
|
|
.Pp
|
|
Not only configure encryption, but also data integrity verification using
|
|
.Nm HMAC/SHA256 .
|
|
.Bd -literal -offset indent
|
|
# geli init -a hmac/sha256 -s 4096 /dev/da0
|
|
Enter new passphrase:
|
|
Reenter new passphrase:
|
|
# geli attach /dev/da0
|
|
Enter passphrase:
|
|
# dd if=/dev/random of=/dev/da0.eli bs=1m
|
|
# newfs /dev/da0.eli
|
|
# mount /dev/da0.eli /mnt/secret
|
|
.Ed
|
|
.Sh DATA AUTHENTICATION
|
|
.Nm
|
|
can verify data integrity when an authentication algorithm is specified.
|
|
When data corruption/modification is detected,
|
|
.Nm
|
|
will not return any data, but instead will return an error
|
|
.Pq Er EINVAL .
|
|
The offset and size of the corrupted data will be printed on the console.
|
|
It is important to know against which attacks
|
|
.Nm
|
|
provides protection for your data.
|
|
If data is modified in-place or copied from one place on the disk
|
|
to another even without modification,
|
|
.Nm
|
|
should be able to detect such a change.
|
|
If an attacker can remember the encrypted data, he can overwrite any future
|
|
changes with the data he owns without notice.
|
|
In other words
|
|
.Nm
|
|
will not protect your data against replay attacks.
|
|
.Sh SEE ALSO
|
|
.Xr crypto 4 ,
|
|
.Xr gbde 4 ,
|
|
.Xr geom 4 ,
|
|
.Xr loader.conf 5 ,
|
|
.Xr gbde 8 ,
|
|
.Xr geom 8 ,
|
|
.Xr crypto 9
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
utility appeared in
|
|
.Fx 6.0 .
|
|
Support for
|
|
.Nm Camellia
|
|
block cipher is implemented by Yoshisato Yanagisawa in
|
|
.Fx 7.0 .
|
|
.Sh AUTHORS
|
|
.An Pawel Jakub Dawidek Aq pjd@FreeBSD.org
|