11.3: GELI attach: Wrong key despite correct passphrase
Ben Woods
woodsb02 at gmail.com
Sun Aug 18 22:27:47 UTC 2019
On Mon, 19 Aug 2019 at 3:05 am, Marco Steinbach <coco at executive-computing.de>
wrote:
> On Sun, 18 Aug 2019 10:20:51 -0500
> CyberLeo Kitsana <cyberleo at cyberleo.net> wrote:
>
> > On 8/18/19 8:46 AM, Marco Steinbach wrote:
> > > Hi.
> > >
> > > I have two bootable SSDs, both installed using a GELI encrypted
> > > root on ZFS.
> >
> > <snip>
> >
> > > I've then imported the bootpool from da0, and mounted it, so I can
> > > try using the key in boot/
> > >
> > > root at bsdbuch:~ # geli attach -k /bootpool/boot/ada0p5.eli /dev/da0p5
> > > Enter passphrase:
> > > geli: Wrong key for da0p5.
> >
> > Did you intend on combining both a keyfile AND a passphrase here? If
> > not, include the -p option to instruct geli to avoid asking for a
> > passphrase to mix in.
> >
> > It might also help to include the output of 'geli dump' for both of
> > the affected providers. You can obscure the 'Salt' and 'Master Key'
> > portions if you so desire.
> >
>
> I think there's a misunderstanding.
>
> I merely want to attach the GELI created by the 11.1 installer to a
> newly installed 11.3 system.
>
> MfG CoCo
Indeed, but what secrets do you need to provide to decrypt the geli
providers (passphrase, passfile, keyfile)? The command above will use both
a keyfile and prompt for a passphrase - was this your intention?
The “attach” section of this manpage has more details if required:
https://man.freebsd.org/geli
Cheers,
Ben
> --
--
From: Benjamin Woods
woodsb02 at gmail.com
More information about the freebsd-geom
mailing list