[Bug 194304] New: gbde does not announce destroyed keys
bugzilla-noreply at freebsd.org
Sat Oct 11 17:58:41 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194304
Bug ID: 194304
Summary: gbde does not announce destroyed keys
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: mwlucas at michaelwlucas.com
One key feature of GBDE is that it's supposed to say "The passphrase exists,
but the key has been destroyed." This feature no longer works. (See the
discussion at
https://lists.freebsd.org/pipermail/freebsd-hackers/2014-October/046239.html)
Here are some examples:
# gbde nuke gpt/encrypted -l /etc/encrypted.lock -n -1
Enter passphrase:
Opened with key 0
Nuked key 0
Nuked key 1
Nuked key 2
Nuked key 3
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#
The .bde device isn't there, and my filesystem is gone. But I received
no confirmation that the keys were destroyed.
I also didn't get a message that the device couldn't be attached,
although it clearly isn't.
Let's try 'gbde destroy'.
# gbde init /dev/gpt/encrypted -L /etc/encrypted.lock
Enter new passphrase:
Reenter new passphrase:
# gbde destroy gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
Opened with key 0
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#
The device isn't attached; it just fails silently. And failing with a
specific complaint is the whole point of GBDE.
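Until gbde reports this itself, a caller can detect the silent case shown in the report by checking for the .bde node after attaching. The wrapper below is an added example, not part of the bug report and not FreeBSD code; the names GBDE, DEVROOT, bde_present and attach_checked and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrap `gbde attach` so a silent failure becomes a loud one.
# GBDE and DEVROOT are overridable only so the logic can be exercised
# without a real GBDE provider; both are assumptions of this example.
GBDE="${GBDE:-gbde}"
DEVROOT="${DEVROOT:-/dev}"

# bde_present PROVIDER -> 0 if the decrypted <provider>.bde node exists.
# Accepts "gpt/encrypted" or "/dev/gpt/encrypted".
bde_present() {
    [ -e "${DEVROOT}/${1#/dev/}.bde" ]
}

# attach_checked PROVIDER LOCKFILE
# Return codes (chosen for this example):
#   0  attached, .bde node present
#   1  gbde itself exited non-zero
#   2  gbde exited 0 but no .bde node appeared (the silent case above)
#   3  a .bde node already existed, so the check would prove nothing
attach_checked() {
    provider=$1
    lockfile=$2
    if bde_present "$provider"; then
        echo "attach_checked: ${provider}.bde already exists" >&2
        return 3
    fi
    if ! "$GBDE" attach "$provider" -l "$lockfile"; then
        echo "attach_checked: gbde attach exited non-zero" >&2
        return 1
    fi
    if ! bde_present "$provider"; then
        echo "attach_checked: gbde attach returned success but" \
             "${provider}.bde is missing; volume is NOT attached" >&2
        return 2
    fi
    return 0
}
```

Called as `attach_checked gpt/encrypted /etc/encrypted.lock`, it cannot say why the attach failed, only that it did.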