geli.8 (167227) | geli.8 (172031) |
---|---|
1.\" Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" | 1.\" Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" |
25.\" $FreeBSD: head/sbin/geom/class/eli/geli.8 167227 2007-03-05 12:39:49Z pjd $ | 25.\" $FreeBSD: head/sbin/geom/class/eli/geli.8 172031 2007-09-01 06:33:02Z pjd $ |
26.\" 27.Dd September 16, 2006 28.Dt GELI 8 29.Os 30.Sh NAME 31.Nm geli 32.Nd "control utility for cryptographic GEOM class" 33.Sh SYNOPSIS --- 107 unchanged lines hidden (view full) --- 141Utilizes the 142.Xr crypto 9 143framework, so when there is crypto hardware available, 144.Nm 145will make use of it automatically. 146.It 147Supports many cryptographic algorithms (currently 148.Nm AES , | 26.\" 27.Dd September 16, 2006 28.Dt GELI 8 29.Os 30.Sh NAME 31.Nm geli 32.Nd "control utility for cryptographic GEOM class" 33.Sh SYNOPSIS --- 107 unchanged lines hidden (view full) --- 141Utilizes the 142.Xr crypto 9 143framework, so when there is crypto hardware available, 144.Nm 145will make use of it automatically. 146.It 147Supports many cryptographic algorithms (currently 148.Nm AES , |
149.Nm Blowfish | 149.Nm Blowfish , 150.Nm Camellia |
150and 151.Nm 3DES ) . 152.It 153Can optionally perform data authentication (integrity verification) utilizing 154one of the following algorithms: 155.Nm HMAC/MD5 , 156.Nm HMAC/SHA1 , 157.Nm HMAC/RIPEMD160 , --- 64 unchanged lines hidden (view full) --- 222.Nm HMAC/SHA384 223and 224.Nm HMAC/SHA512 . 225If the option is not given, there will be no authentication, only encryption. 226.It Fl e Ar ealgo 227Encryption algorithm to use. 228Currently supported algorithms are: 229.Nm AES , | 151and 152.Nm 3DES ) . 153.It 154Can optionally perform data authentication (integrity verification) utilizing 155one of the following algorithms: 156.Nm HMAC/MD5 , 157.Nm HMAC/SHA1 , 158.Nm HMAC/RIPEMD160 , --- 64 unchanged lines hidden (view full) --- 223.Nm HMAC/SHA384 224and 225.Nm HMAC/SHA512 . 226If the option is not given, there will be no authentication, only encryption. 227.It Fl e Ar ealgo 228Encryption algorithm to use. 229Currently supported algorithms are: 230.Nm AES , |
230.Nm Blowfish | 231.Nm Blowfish , 232.Nm Camellia |
231and 232.Nm 3DES . 233The default is 234.Nm AES . 235.It Fl b 236Ask for the passphrase on boot, before the root partition is mounted. 237This makes it possible to use an encrypted root partition. 238One will still need bootable unencrypted storage with a --- 16 unchanged lines hidden (view full) --- 255# cat key1 key2 key3 | geli init -K - /dev/da0 256.Ed 257.It Fl l Ar keylen 258Key length to use with the given cryptographic algorithm. 259If not given, the default key length for the given algorithm is used, which is: 260128 for 261.Nm AES , 262128 for | 233and 234.Nm 3DES . 235The default is 236.Nm AES . 237.It Fl b 238Ask for the passphrase on boot, before the root partition is mounted. 239This makes it possible to use an encrypted root partition. 240One will still need bootable unencrypted storage with a --- 16 unchanged lines hidden (view full) --- 257# cat key1 key2 key3 | geli init -K - /dev/da0 258.Ed 259.It Fl l Ar keylen 260Key length to use with the given cryptographic algorithm. 261If not given, the default key length for the given algorithm is used, which is: 262128 for 263.Nm AES , 264128 for |
263.Nm Blowfish | 265.Nm Blowfish , 266128 for 267.Nm Camellia |
264and 192 for 265.Nm 3DES . 266.It Fl s Ar sectorsize 267Change decrypted provider's sector size. 268Increasing sector size allows to increase performance, because we need to 269generate an IV and do encrypt/decrypt for every single sector - less number 270of sectors means less work to do. 271.It Fl P --- 375 unchanged lines hidden (view full) --- 647.Xr gbde 8 , 648.Xr geom 8 , 649.Xr crypto 9 650.Sh HISTORY 651The 652.Nm 653utility appeared in 654.Fx 6.0 . | 268and 192 for 269.Nm 3DES . 270.It Fl s Ar sectorsize 271Change decrypted provider's sector size. 272Increasing sector size allows to increase performance, because we need to 273generate an IV and do encrypt/decrypt for every single sector - less number 274of sectors means less work to do. 275.It Fl P --- 375 unchanged lines hidden (view full) --- 651.Xr gbde 8 , 652.Xr geom 8 , 653.Xr crypto 9 654.Sh HISTORY 655The 656.Nm 657utility appeared in 658.Fx 6.0 . |
659Support for 660.Nm Camellia 661block cipher is implemented by Yoshisato Yanagisawa in 662.Fx 7.0 . |
|
655.Sh AUTHORS 656.An Pawel Jakub Dawidek Aq pjd@FreeBSD.org | 663.Sh AUTHORS 664.An Pawel Jakub Dawidek Aq pjd@FreeBSD.org |