old ( 213172 ) new ( 214118 )
1.\" Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.

--- 8 unchanged lines hidden (view full) ---

17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD: head/sbin/geom/class/eli/geli.8 213172 2010-09-25 17:38:57Z pjd $
26.\"
27.Dd September 25, 2010
28.Dt GELI 8
29.Os
30.Sh NAME
31.Nm geli
32.Nd "control utility for cryptographic GEOM class"
33.Sh SYNOPSIS
34To compile GEOM_ELI into your kernel, place the following lines in your kernel
35configuration file:

--- 78 unchanged lines hidden (view full) ---

114.Ar prov
115.Ar file
116.Nm
117.Cm restore
118.Op Fl fv
119.Ar file
120.Ar prov
121.Nm
122.Cm resize
123.Op Fl v
124.Fl s Ar oldsize
125.Ar prov
126.Nm
127.Cm clear
128.Op Fl v
129.Ar prov ...

--- 72 unchanged lines hidden (view full) ---

202Providers can be configured to automatically detach on last close
203(so users do not have to remember to detach providers after unmounting
204the file systems).
205.It
206Allows to attach a provider with a random, one-time key - useful for swap
207partitions and temporary file systems.
208.It
209Allows to verify data integrity (data authentication).
210.El
211.Pp
212The first argument to
213.Nm
214indicates an action to be performed:
215.Bl -tag -width ".Cm configure"
216.It Cm init
217Initialize provider which needs to be encrypted.

--- 235 unchanged lines hidden (view full) ---

453.El
454.It Cm delkey
455Destroy (overwrite with random data) the selected key.
456If one is destroying keys for an attached provider, the provider
457will not be detached even if all keys will be destroyed.
458It can be even rescued with the
459.Cm setkey
460subcommand.
461.Bl -tag -width ".Fl a Ar keyno"
462.It Fl a
463Destroy all keys (does not need
464.Fl f
465option).
466.It Fl f
467Force key destruction.
468This option is needed to destroy the last key.
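Review bot: the delkey description at lines 456-460 says a provider whose keys have all been destroyed "can be even rescued with the setkey subcommand", but never states that this holds only while the provider remains attached. Suggest saying so explicitly, so that a reader who destroys every key and then detaches does not expect to be able to attach again. The tense in "even if all keys will be destroyed" would also read better as "even if all keys are destroyed".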

--- 8 unchanged lines hidden (view full) ---

477This command should be used in emergency situations.
478It will destroy all keys on the given provider and will detach it forcibly
479(if it is attached).
480This is absolutely a one-way command - if you do not have a metadata
481backup, your data is gone for good.
482In case the provider was attached with the
483.Fl r
484flag, the keys will not be destroyed, only the provider will be detached.
485.Bl -tag -width ".Fl a"
486.It Fl a
487If specified, all currently attached providers will be killed.
488.El
489.It Cm backup
490Backup metadata from the given provider to the given file.
491.It Cm restore
492Restore metadata from the given file to the given provider.
493.Bl -tag -width ".Fl f"
494.It Fl f
495Metadata contains the size of the provider to ensure that the correct
496partition or slice is attached.
497If an attempt is made to restore metadata to a provider that has a different
498size,
499.Nm
500will refuse to restore the data unless the
501.Fl f
502switch is used.
503If the partition or slice has been grown, the
504.Cm resize
505subcommand should be used rather than attempting to relocate the metadata
506through
507.Cm backup
508and
509.Cm restore .
510.El
511.It Cm resize
512Inform
513.Nm
514that the provider has been resized.
515The old metadata block is relocated to the correct position at the end of the
516provider and the provider size is updated.
517.Bl -tag -width ".Fl s Ar oldsize"
518.It Fl s Ar oldsize
519The size of the provider before it was resized.
520.El
521.It Cm clear
522Clear metadata from the given providers.
523.It Cm dump
524Dump metadata stored on the given providers.
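Review bot: the .It Fl f entry under restore (lines 494-502) opens with the reason for the size check and only reaches the flag's effect in its last clause. Lead with the action, for example "Force the restore even if the provider size differs from the size recorded in the metadata", and follow with the explanation and the pointer to resize. At line 490, "Backup metadata" uses the noun as a verb; "Back up metadata" matches the imperative style of the neighbouring entries.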

--- 216 unchanged lines hidden (view full) ---

741# echo foo > da0.pass0
742# echo bar > da0.pass1
743# geli init -J da0.pass0 -J da0.pass1 da0
744# geli attach -j da0.pass0 -j da0.pass1 da0
745# geli detach da0
746# geli attach da0
747Enter passphrase: foobar
748.Ed
749.Sh ENCRYPTION MODES
750.Nm
751supports two encryption modes:
752.Nm XTS ,
753which was standarized as
754.Nm IEE P1619
755and
756.Nm CBC
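Review bot: the XTS sentence at lines 753-754 carries two typos, "standarized" and "IEE P1619", which should read "standardized" and "IEEE P1619". The mode names at lines 752, 754 and 756 are also marked up with .Nm, which mdoc reserves for the name of the utility being documented, so XTS and CBC would be better left as plain text or given a macro that is not the name macro.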

--- 46 unchanged lines hidden ---