-p with GELI

Pawel Jakub Dawidek pjd at FreeBSD.org
Wed Feb 8 12:19:18 PST 2006


On Wed, Feb 08, 2006 at 08:56:27PM +0100, Christian Baer wrote:
+> Hi folks!
+> 
+> Is there some way to make GELI do the same thing as GBDE does when the -p
+> (small 'p') is used? The idea is to run GELI in a script, ask for the
+> passphrase once and then attach, check and mount several providers with
+> the same passphrase automatically.

The '-p' option in gbde(8) is actually only for debug purposes, as other
users can see it in ps(1) output (if not configured otherwise) and the
passphrase will be logged via the audit mechanism which is currently merged
to the tree.

What you want to use is the '-k' option.
If you really know what you're doing you can do something like this:

#!/bin/sh

stty -echo
read -p "Enter passphrase: " passphrase
stty echo
echo "${passphrase}" | geli attach -k - da0
echo "${passphrase}" | geli attach -k - da1
echo "${passphrase}" | geli attach -k - da2

I suggest not using the same passphrase for all providers.
You can always do something like:

pass_da0=`echo "0${passphrase}0" | sha256`
pass_da1=`echo "1${passphrase}1" | sha256`
pass_da2=`echo "2${passphrase}2" | sha256`

echo "${pass_da0}" | geli attach -k - da0
echo "${pass_da1}" | geli attach -k - da1
echo "${pass_da2}" | geli attach -k - da2

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
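
Added example (not part of the original message and not GELI project code): the per-provider derivation and the `-k -` stdin feed from the reply above, combined into one script and generalised to tag each key with the provider name and to restore the terminal if the prompt is interrupted. The helper names, the `GELI` override variable and the provider names are assumptions, and each provider is assumed to have been set up with the matching derived key.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the original message.

GELI=${GELI:-geli}   # overridable so the flow can be exercised without real providers

# SHA-256 of stdin as bare hex: sha256(1) on FreeBSD, sha256sum(1) elsewhere.
sha256_hex() {
    if command -v sha256 >/dev/null 2>&1; then sha256; else sha256sum; fi | cut -d' ' -f1
}

# Per-provider key material, same construction as in the message:
# tag + passphrase + tag + newline, hashed. With tag "0" this equals
# `echo "0${passphrase}0" | sha256`.
derive_key() {   # $1 = tag (here the provider name), $2 = master passphrase
    printf '%s%s%s\n' "$1" "$2" "$1" | sha256_hex
}

# Prompt without echo and restore the terminal state even on Ctrl-C,
# which the plain stty -echo / stty echo pair does not do.
read_passphrase() {
    saved=$(stty -g)
    trap 'stty "$saved"; exit 1' INT TERM
    stty -echo
    printf 'Enter passphrase: ' >&2
    IFS= read -r passphrase
    stty "$saved"
    trap - INT TERM
    echo >&2
}

# Attach each provider with its own derived key, fed on stdin (-k -).
# printf is a shell builtin, so the secret never appears in an argument
# list visible through ps(1).
attach_all() {   # $1 = master passphrase, remaining args = providers
    master=$1; shift
    for dev in "$@"; do
        derive_key "$dev" "$master" | $GELI attach -k - "$dev" || return 1
    done
}

# Usage on a real system:
#   read_passphrase && attach_all "$passphrase" da0 da1 da2
```
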