Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli

In reply to: grarpamp : "Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Mel Pilgrim <list_freebsd_at_bluerosetech.com>
Date: Fri, 17 Feb 2023 22:52:06 UTC

On 2023-02-16 17:27, grarpamp wrote:
> On 2/15/23, Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
>> # echo -n | geli attach -C -p -k - gpt/zdata15
>> geli: Wrong key for gpt/zdata15.
>> geli: There was an error with at least one provider.
> 
> That test failed so the "empty" or "NULL" key (aka "echo -n")
> is not the key. These should not work either
> 
> printf '' | geli
> printf '\000'
> printf '\n'
> printf ' '
> printf 'notthekey'
> 
> and only
> 
> cat /path/to/your/keyfile | geli
> 
> should work.

Thank you for the clarification.  I tested all of my geli devices and 
indeed anything I try other than the correct keyfile for that device 
produces that error so I'm assuming that means I don't need to re-crypt 
things.