svn commit: r213071 - head/sbin/geom/class/eli
Pawel Jakub Dawidek
pjd at FreeBSD.org
Thu Sep 23 12:00:41 UTC 2010
Author: pjd
Date: Thu Sep 23 12:00:40 2010
New Revision: 213071
URL: http://svn.freebsd.org/changeset/base/213071
Log:
Document AES-XTS.
MFC after: 1 week
Modified:
head/sbin/geom/class/eli/geli.8
Modified: head/sbin/geom/class/eli/geli.8
==============================================================================
--- head/sbin/geom/class/eli/geli.8 Thu Sep 23 11:58:36 2010 (r213070)
+++ head/sbin/geom/class/eli/geli.8 Thu Sep 23 12:00:40 2010 (r213071)
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2005-2008 Pawel Jakub Dawidek <pjd at FreeBSD.org>
+.\" Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd at FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd September 20, 2010
+.Dd September 23, 2010
.Dt GELI 8
.Os
.Sh NAME
@@ -151,11 +151,12 @@ framework, so when there is crypto hardw
will make use of it automatically.
.It
Supports many cryptographic algorithms (currently
-.Nm AES ,
-.Nm Blowfish ,
-.Nm Camellia
+.Nm AES-XTS ,
+.Nm AES-CBC ,
+.Nm Blowfish-CBC ,
+.Nm Camellia-CBC
and
-.Nm 3DES ) .
+.Nm 3DES-CBC ) .
.It
Can optionally perform data authentication (integrity verification) utilizing
one of the following algorithms:
@@ -257,13 +258,14 @@ as the
.It Fl e Ar ealgo
Encryption algorithm to use.
Currently supported algorithms are:
-.Nm AES ,
-.Nm Blowfish ,
-.Nm Camellia
+.Nm AES-XTS ,
+.Nm AES-CBC ,
+.Nm Blowfish-CBC ,
+.Nm Camellia-CBC
and
-.Nm 3DES .
+.Nm 3DES-CBC .
The default and recommended algorithm is
-.Nm AES .
+.Nm AES-XTS .
.It Fl i Ar iterations
Number of iterations to use with PKCS#5v2.
If this option is not specified,
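Review bot: In the `-e ealgo` list, the bare names `AES`, `Blowfish`, `Camellia` and `3DES` are replaced by mode-qualified names, but the text does not say whether the bare names are still accepted or which mode they would select. Someone with scripts that pass `-e AES` cannot tell from this page whether that still works; suggest one sentence after the list stating how unqualified names are handled.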
@@ -283,13 +285,13 @@ Here is how more than one file with a ke
Key length to use with the given cryptographic algorithm.
If not given, the default key length for the given algorithm is used, which is:
128 for
-.Nm AES ,
-128 for
-.Nm Blowfish ,
-128 for
-.Nm Camellia
+.Nm AES-XTS ,
+.Nm AES-CBC ,
+.Nm Blowfish-CBC
+and
+.Nm Camellia-CBC
and 192 for
-.Nm 3DES .
+.Nm 3DES-CBC .
.It Fl P
Do not use passphrase as the key component.
.It Fl s Ar sectorsize
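Review bot: The default key length sentence now lists `AES-XTS` at 128 alongside the CBC ciphers without saying what 128 means for XTS. XTS uses two keys, so it is unclear whether 128 is the size of each AES key or of the total key material; a short clarification here would help. The rendered sentence also reads "Blowfish-CBC and Camellia-CBC and 192 for 3DES-CBC"; a comma after `.Nm Camellia-CBC` would break up the doubled "and".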
@@ -709,6 +711,21 @@ update the metadata:
# geli resize -s 1g ada0p1
# geli attach -k keyfile -p ada0p1
.Ed
+.Sh ENCRYPTION MODES
+.Nm
+supports two encryption modes:
+.Nm XTS ,
+which was standarized as
+.Nm IEE P1619
+and
+.Nm CBC
+with unpredictable IV.
+The
+.Nm CBC
+mode used by
+.Nm
+is very similar to the mode
+.Nm ESSIV .
.Sh DATA AUTHENTICATION
.Nm
can verify data integrity when an authentication algorithm is specified.
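Review bot: Two typos in the new ENCRYPTION MODES section: `standarized` should be `standardized`, and `.Nm IEE P1619` should read `IEEE P1619`. The statement that the CBC mode is "very similar to the mode ESSIV" also leaves open how it differs; since this section exists to document the modes, a sentence on how the per-sector IV is derived would let readers evaluate the "unpredictable IV" claim.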