geli authentication algo and newfs weirdness

Fri, 19 Sep 2008 19:53:43 -0700 

Hello Everyone,

I've been reading up on geli and decided I wanted to
use data authentication.  This involves the -a switch
on the geli init command.  Here's what I've found:

===== No authentication (the disk size is correct @ 152G):

the/root{143}~# geli init  da1
Enter new passphrase:
Reenter new passphrase:
the/root{144}~# geli attach da1
Enter passphrase:

the/root{147}~# newfs -N /dev/da1.eli
/dev/da1.eli: 152627.8MB (312581804 sectors) block size 16384, fragment size 2048 
        using 831 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
 160, 376512, 752864, ...

the/root{148}~# newfs  /dev/da1.eli
/dev/da1.eli: 152627.8MB (312581804 sectors) block size 16384, fragment size 2048 
        using 831 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
 160, 376512, 752864, 1129216, ...

===== With hmac/sha256 (or any other) authentication
(small disk size 76G) :

the/root{156}~# geli init -a hmac/sha256 /dev/da1
Enter new passphrase:
Reenter new passphrase:
the/root{157}~#
the/root{157}~# geli attach da1
Enter passphrase:

the/root{159}~# newfs -N /dev/da1.eli
/dev/da1.eli: 76313.9MB (156290900 sectors) block size 16384, fragment size 2048 
        using 416 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
 160, 376512, 752864, ...

the/root{163}~# newfs  /dev/da1.eli
/dev/da1.eli: 76313.9MB (156290900 sectors) block size 16384, fragment size 2048 
        using 416 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
newfs: can't read old UFS1 superblock: read error from block device: Invalid argument 

the/root{110}~# geli dump -v da1
Metadata on da1:
     magic: GEOM::ELI
   version: 3
     flags: 0x10
     ealgo: AES-CBC
    keylen: 128
     aalgo: HMAC/SHA256
  provsize: 160041885696
sectorsize: 512
      keys: 0x01
iterations: 67988
      Salt: c708

=====

Anyone know what I've done wrong?  Is data authentication working?

Thanks!
Vinny

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to