Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Sep 2016 15:01:29 +0100
From:      Shamim Shahriar <shamim.shahriar@gmail.com>
To:        "freebsd-questions@FreeBSD.org" <freebsd-questions@freebsd.org>
Subject:   geli setkey n 1 anomaly :: or am I missing something
Message-ID:  <CAOyJeZS38K5tHMhqu-q8rBZ%2BY43dJmCkgdqVLKbqmLx_R8xcEg@mail.gmail.com>
In-Reply-To: <CAOyJeZTv6pawc4Uggk7bNb1ATa0mS-usw_c4G=5qW-n-Vqv8VQ@mail.gmail.com>
References:  <CAOyJeZTv6pawc4Uggk7bNb1ATa0mS-usw_c4G=5qW-n-Vqv8VQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Good afternoon all, I am having some difficulty with geli. I am trying to
set up an encrypted provider for my users, using the setkey feature, but it
is not working.

system: FreeBSD 11-RC3

from the man page
     Create an encrypted provider, but use two User Keys: one for your
     employee and one for you as the company's security officer (so it is
not
     a tragedy if the employee "accidentally" forgets his passphrase):

           # geli init /dev/da2
           Enter new passphrase:   (enter security officer's passphrase)
           Reenter new passphrase:
           # geli setkey -n 1 /dev/da2
           Enter passphrase:       (enter security officer's passphrase)
           Enter new passphrase:   (let your employee enter his passphrase
...)
           Reenter new passphrase: (... twice)

Following this path, I have encrypted a provider, ada0p4

# geli init -e aes-xts -l 256 -K geli.key /dev/ada0p4

Enter new passphrase:   # I enter my passphrase
Reenter new passphrase: # I re-enter my passphrase

all is good.

Now, I am trying to set up the passphrase for the colleague
# geli setkey n 1 -k geli.key /dev/ada0p4
Enter passphrase:       # entered my passphrase
Enter new passphrase:   # entered colleague's passphrase
Reenter new passphrase: # re-entered colleague's passphrase

As I try to attach using colleague's passphrase, I get a Wrong key error.
My key works fine.

# geli attach -k geli.key /dev/ada0p4
Enter passphrase:   # I put colleague's passphrase
Wrong key

I am not sure what I am doing wrong. any pointer will be greatly
appreciated. If you require further information, please do not hesitate
to ask.

Thanks and regards

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOyJeZS38K5tHMhqu-q8rBZ%2BY43dJmCkgdqVLKbqmLx_R8xcEg>