Date: Mon, 04 Apr 2016 15:16:29 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-geom@FreeBSD.org Subject: [Bug 134113] [geli] Problem setting secondary GELI key Message-ID: <bug-134113-14739-jbzVo5LOx9@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-134113-14739@https.bugs.freebsd.org/bugzilla/> References: <bug-134113-14739@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D134113 Fabian Keil <fk@fabiankeil.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fk@fabiankeil.de --- Comment #3 from Fabian Keil <fk@fabiankeil.de> --- By design, geli only stores one iteration count on disk and as a result, some key combinations are not supported. Setting both keys to passphrase+keyfile is fine and so is using a passphrase for one key and passphrase+keyfile for the other one. Letting only one of two keys use a passphrase is not supported because this would require different iteration values which can't be stored on disk. Your "workaround" does not actually work around this limitation because it does not require two different iteration counts. It could be argued that the error message is a bit cryptic and that geli.8 should document this limitation more explicitly, but the fact that you get an error message itself is not a bug. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-134113-14739-jbzVo5LOx9>