Changeset View
Changeset View
Standalone View
Standalone View
head/en_US.ISO8859-1/books/handbook/disks/chapter.xml
| Show First 20 Lines • Show All 2,817 Lines • ▼ Show 20 Lines | <step> | ||||
| <programlisting>options GEOM_ELI | <programlisting>options GEOM_ELI | ||||
| device crypto</programlisting> | device crypto</programlisting> | ||||
| </step> | </step> | ||||
| <step> | <step> | ||||
| <title>Generate the Master Key</title> | <title>Generate the Master Key</title> | ||||
| <para>The following commands generate a master key | <para>The following commands generate a master key that all | ||||
| (<filename>/root/da2.key</filename>) that is protected | data will be encrypted with. This key can never be changed. | ||||
| with a passphrase. The data source for the key file is | Rather than using it directly, it is encrypted with one | ||||
| <filename>/dev/random</filename> and the sector size of | or more user keys. The user keys are made up of an | ||||
| the provider (<filename>/dev/da2.eli</filename>) is 4kB as | optional combination of random bytes from a file, | ||||
| a bigger sector size provides better performance:</para> | <filename>/root/da2.key</filename>, and/or a passphrase. | ||||
| In this case, the data source for the key file is | |||||
| <filename>/dev/random</filename>. This command also | |||||
| configures the sector size of the provider | |||||
| (<filename>/dev/da2.eli</filename>) as 4kB, for better | |||||
| performance:</para> | |||||
| <screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput> | <screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput> | ||||
| &prompt.root; <userinput>geli init -s 4096 -K /root/da2.key /dev/da2</userinput> | &prompt.root; <userinput>geli init -K /root/da2.key -s 4096 /dev/da2</userinput> | ||||
| Enter new passphrase: | Enter new passphrase: | ||||
| Reenter new passphrase:</screen> | Reenter new passphrase:</screen> | ||||
| <para>It is not mandatory to use both a passphrase and a key | <para>It is not mandatory to use both a passphrase and a key | ||||
| file as either method of securing the master key can be | file as either method of securing the master key can be | ||||
| used in isolation.</para> | used in isolation.</para> | ||||
| <para>If the key file is given as <quote>-</quote>, standard | <para>If the key file is given as <quote>-</quote>, standard | ||||
| ▲ Show 20 Lines • Show All 847 Lines • Show Last 20 Lines | |||||