Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 8 Sep 2007 16:05:18 +0200
From:      "Thomas Hobbes" <mymailfloods@googlemail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Encrypting mirrored device with geli fails
Message-ID:  <c4a063eb0709080705w37874c44me6dbf4d7d74234cc@mail.gmail.com>
In-Reply-To: <20070908154809.A41025@wojtek.tensor.gdynia.pl>
References:  <c4a063eb0709061229ge663651gebc07a499e9c9d0f@mail.gmail.com> <20070906222815.R29129@wojtek.tensor.gdynia.pl> <c4a063eb0709070605w33a2e209i2d8b02f8fd9b690d@mail.gmail.com> <c4a063eb0709080636h47a1ff0cj376127001e94721e@mail.gmail.com> <20070908154809.A41025@wojtek.tensor.gdynia.pl>
next in thread | previous in thread | raw e-mail | index | archive | help 
>>

> >>> I was trying to encrypt /dev/mirror/gm0s1f but a "MD5 mismatch"
> >> occurred:
> >>
> >> # umount /crypt
> >>> # dd if=/dev/random of=/root/gm0s1f.key bs=64 count=1
> >>> 1+0 records in
> >>> 1+0 records out
> >>> 64 bytes transferred in 0.000580 secs (110331 bytes/sec)
> >>
> >> longer.. 32k or so.
> >
> >
> > The same failure occurred.
>
> magic
>
> or you did something wrong
>
> i would do
>
> gmirror <all needed> - already done
>
> geli init -s 2048 -P -K /root/gm0s1f.key /dev/mirror/gm0s1f
>
> (or -s different, but you will probably use newfs -f 2048)
>
> geli attach -p -k /root/gm0s1f.key /dev/mirror/gm0s1f
>
> i am using geli encrpted gmirror, just without keyfile, but password only
> on 2 servers.
>
> example
>
> [root@serwer ~]# geli status
>           Name  Status  Components
> mirror/m1.eli     N/A  mirror/m1
>   concat/c.eli     N/A  concat/c
>       ad2b.eli     N/A  ad2b
>       ad0b.eli     N/A  ad0b
>

I did this:

# geli clear /dev/mirror/gm0s1f
# dd if=/dev/random of=/root/gm0s1f.key bs=32k count=1
# geli init -s 4096 -l 256 -K /root/gm0s1f.key /dev/mirror/gm0s1f
# geli attach -k /root/gm0s1f.key /dev/mirror/gm0s1f

Again a "MD5 mismatch" occurred. I tried it without a key and the same error
occurred. Encrypting with a onetime-key works fine. The error occures also
while doing 'geli dump /dev/mirror/gm0s1f'. Any idea what's wrong?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c4a063eb0709080705w37874c44me6dbf4d7d74234cc>