From owner-freebsd-geom@FreeBSD.ORG  Mon Sep 21 21:05:41 2009
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0074C106568F
	for <freebsd-geom@freebsd.org>; Mon, 21 Sep 2009 21:05:41 +0000 (UTC)
	(envelope-from ac@belngo.info)
Received: from mail-bw0-f227.google.com (mail-bw0-f227.google.com
	[209.85.218.227])
	by mx1.freebsd.org (Postfix) with ESMTP id 923298FC13
	for <freebsd-geom@freebsd.org>; Mon, 21 Sep 2009 21:05:40 +0000 (UTC)
Received: by bwz27 with SMTP id 27so2126690bwz.43
	for <freebsd-geom@freebsd.org>; Mon, 21 Sep 2009 14:05:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.204.155.79 with SMTP id r15mr52482bkw.142.1253565313611; Mon, 
	21 Sep 2009 13:35:13 -0700 (PDT)
In-Reply-To: <20090921143821.27380@gmx.net>
References: <20090921143821.27380@gmx.net>
Date: Mon, 21 Sep 2009 23:35:13 +0300
Message-ID: <5709ce310909211335s25aba206i33571558e4aeb92f@mail.gmail.com>
From: Alaksiej C <ac@belngo.info>
To: freebsd-geom@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: geom_eli, N disks, zfs
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2009 21:05:41 -0000

You can allocate one small disk/slice to be encrypted with passphrase
(and - if you like - with keyfile(s) too).

Inside of it you will store keyfiles for other disks, which should be
encrypted without using passphrase(s).

In such configuration it's necessary to know passphrase to unlock any
disk, but you need to type it only once.

P.S. And, actually, I think your question is fit better for freebsd-questions@.

On Mon, Sep 21, 2009 at 5:38 PM, Evgeny Solovyov <a.n.s.i@gmx.net> wrote:
> Is there any better way to configure a system to encrypt N-disk with passphrase for using under zfs as write in loader.conf following:
>
> geom_eli_load="YES"
> geli_da0p1_keyfile0_load="YES"
> geli_da0p1_keyfile0_type="da0p1:geli_keyfile0"
> geli_da0p1_keyfile0_name="/boot/keys/da0.key"
>
> geli_da2p1_keyfile0_load="YES"
> geli_da2p1_keyfile0_type="da2p1:geli_keyfile0"
> geli_da2p1_keyfile0_name="/boot/keys/da2.key"
>
> ...
>
> geli_da<N>p1_keyfile0_load="YES"
> geli_da<N>p1_keyfile0_type="da<N>p1:geli_keyfile0"
> geli_da<N>p1_keyfile0_name="/boot/keys/da<N>.key"
>
>
> The problem is we must enter the passphrase N-times.
>
> Thanks.
>
> Evgeny Solovyov
> --
> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3 -
> sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser
> _______________________________________________
> freebsd-geom@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-geom
> To unsubscribe, send any mail to "freebsd-geom-unsubscribe@freebsd.org"
>