GnuPG smart card && geli

mfv mfv at
Fri May 19 16:15:17 UTC 2017

> On Fri, 2017-05-19 at 16:14 RW via freebsd-questions
> <freebsd-questions at> wrote:
>On Fri, 19 May 2017 10:19:06 -0400
>mfv via freebsd-questions wrote:
>> >This would lead to a system (netbook) which never can be booted or
>> >otherwise data read from and you can only boot it with the USB boot
>> >key, the USB GnuPG-card and the PIN (normally 6 digits).  
>6 digits doesn't sound very secure.
>> >Any comments on this?
>> >
>> >	matthias
>> >    
>> Hello Matthias,
>> I agree with your idea.  Some time ago I did some research to find
>> out a method to read the password from a USB memory stick but was not
>> successful.  I was not concerned with disk encryption, just wanted a
>> very long password, automatic login and no system access without a
>> hardware key.    
>A geli device can be set-up to use a passphrase and/or a passfile. You
>could just put the passfile on a memory stick and not use
>a passphrase at all.
>FWIW I use a passfile to attach geli encrypted partitions, but the
>passfile is stored in a small geli encrypted file-backed md device
>that's passphrase protected. I did this just to avoid having to type
>any more than I need to, but that backing file could just as easily be
>on a memory stick.  
>freebsd-questions at mailing list
>To unsubscribe, send any mail to
>"freebsd-questions-unsubscribe at"

Hello RW,

Is it possible to automatically read a password/passfile during boot
up from a USB memory stick without geli? If so, how?

Cheers ...


More information about the freebsd-questions mailing list