GELI: change keyfile to passphrase

Thomas Nickl T.Nickl at gmx.net
Wed Jan 24 00:11:47 UTC 2007


Hi,

I know a way to destroy your geli partition without knowing ;) :

dd if=/dev/random of=/tmp/keyfile count=1 bs=128
geli init -s 4096 -b -P -K /tmp/keyfile /dev/md9
geli attach -p -k /tmp/keyfile /dev/md9
geli setkey -n 0 /dev/md9
 > <new password entered twice>
geli detach /dev/md9
geli attach /dev/md9
 > Missing -p flag.
geli attach -p /dev/md9
 > No key components given.
geli attach -p -k /tmp/keyfile /dev/md9
 > Wrong key for md9.

Replacing the setkey line with
geli setkey -n 0 -p -k /tmp/keyfile /dev/md9
doesn't help.

HOWEVER,
geli detach /dev/md9
and then
geli setkey -n 0 -p -k /tmp/keyfile /dev/md9
works as designed ("geli attach /dev/md9" now asks for a passphrase)

So I can recommend: never set a key with attached media.

I have "FreeBSD washu 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May  7 
04:42:56 UTC 2006   root at opus.cse.buffalo.edu:/usr/obj/usr/src/sys/SMP  
i386".
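
An added example, not part of the original post: a small sh wrapper that applies the recommendation above by refusing to run setkey while the provider is attached, saving the metadata with geli backup first, and test-attaching afterwards. The function names, the GELI and DEVDIR overrides and all paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Provider, keyfile and backup paths are placeholders.
GELI=${GELI:-geli}        # assumption: overridable for dry runs
DEVDIR=${DEVDIR:-/dev}    # assumption: overridable for dry runs

# True when the decrypted <provider>.eli node exists, i.e. the provider is attached.
is_attached() {
    [ -e "${DEVDIR}/${1#/dev/}.eli" ]
}

# safe_setkey <provider> <old-keyfile> <metadata-backup-file>
safe_setkey() {
    prov=$1; keyfile=$2; backup=$3
    if is_attached "$prov"; then
        echo "refusing: $prov is attached, run 'geli detach $prov' first" >&2
        return 2
    fi
    # Keep a copy of the metadata so the old key can be put back with 'geli restore'.
    "$GELI" backup "$prov" "$backup" || return 3
    # Same command as in the post: old key is keyfile-only (-p -k), new passphrase is prompted.
    "$GELI" setkey -n 0 -p -k "$keyfile" "$prov" || return 4
    # Prove the new passphrase opens the provider before the keyfile is discarded.
    if "$GELI" attach "$prov"; then
        "$GELI" detach "$prov"
        return 0
    fi
    echo "attach failed, roll back with: geli restore $backup $prov" >&2
    return 5
}

if [ "$#" -eq 3 ]; then
    safe_setkey "$@"
fi
```

Keep the old keyfile and the metadata backup until an attach with the new passphrase has succeeded.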


