Date: Sat, 11 Oct 2014 17:58:40 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 194304] New: gbde does not announce destroyed keys
Message-ID: <bug-194304-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194304

    Bug ID: 194304
    Summary: gbde does not announce destroyed keys
    Product: Base System
    Version: 11.0-CURRENT
    Hardware: Any
    OS: Any
    Status: Needs Triage
    Severity: Affects Many People
    Priority: ---
    Component: bin
    Assignee: freebsd-bugs@FreeBSD.org
    Reporter: mwlucas@michaelwlucas.com

One key feature of GBDE is that it's supposed to say "The passphrase exists,
but the key has been destroyed." This feature no longer works. (See the
discussion at
https://lists.freebsd.org/pipermail/freebsd-hackers/2014-October/046239.html)

Here's some examples:

# gbde nuke gpt/encrypted -l /etc/encrypted.lock -n -1
Enter passphrase:
Opened with key 0
Nuked key 0
Nuked key 1
Nuked key 2
Nuked key 3
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#

The .bde device isn't there, and my filesystem is gone. But I received no
confirmation that the keys were destroyed. I also didn't get a message that
the device couldn't be attached, although it clearly isn't.

Let's try 'gbde destroy'.

# gbde init /dev/gpt/encrypted -L /etc/encrypted.lock
Enter new passphrase:
Reenter new passphrase:
# gbde destroy gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
Opened with key 0
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#

The device isn't attached, it just fails silently. And failing with a specific
complaint is the whole point of GBDE.

--
You are receiving this mail because:
You are the assignee for the bug.