geli setkey n 1 anomaly :: or am I missing something

Fabian Keil freebsd-listen at
Tue Sep 27 14:28:27 UTC 2016

Shamim Shahriar <shamim.shahriar at> wrote:

> Good afternoon all, I am having some difficulty with geli. I am trying to
> set up an encrypted provider for my users, using the setkey feature, but it
> is not working.
> system: FreeBSD 11-RC3
> from the man page
>      Create an encrypted provider, but use two User Keys: one for your
>      employee and one for you as the company's security officer (so it is
> not
>      a tragedy if the employee "accidentally" forgets his passphrase):
>            # geli init /dev/da2
>            Enter new passphrase:   (enter security officer's passphrase)
>            Reenter new passphrase:
>            # geli setkey -n 1 /dev/da2
>            Enter passphrase:       (enter security officer's passphrase)
>            Enter new passphrase:   (let your employee enter his passphrase
> ...)
>            Reenter new passphrase: (... twice)
> Following this path, I have encrypted a provider, ada0p4
> # geli init -e aes-xts -l 256 -K geli.key /dev/ada0p4
> Enter new passphrase:   # I enter my passphrase
> Reenter new passphrase: # I re-enter my passphrase
> all is good.
> Now, I am trying to set up the passphrase for the colleague
> # geli setkey n 1 -k geli.key /dev/ada0p4
> Enter passphrase:       # entered my passphrase
> Enter new passphrase:   # entered colleague's passphrase
> Reenter new passphrase: # re-entered colleague's passphrase

You probably meant to add "-K geli.key" to also
use a keyfile for the second slot.

> As I try to attach using colleague's passphrase, I get a Wrong key error.
> My key works fine.
> # geli attach -k geli.key /dev/ada0p4
> Enter passphrase:   # I put colleague's passphrase
> Wrong key

This is expected as no keyfile has been configured
for the second slot.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list