head/en_US.ISO8859-1/books/handbook/disks/chapter.xml
Show First 20 Lines • Show All 2,817 Lines • ▼ Show 20 Lines | <step> | ||||
<programlisting>options GEOM_ELI | <programlisting>options GEOM_ELI | ||||
device crypto</programlisting> | device crypto</programlisting> | ||||
</step> | </step> | ||||
<step> | <step> | ||||
<title>Generate the Master Key</title> | <title>Generate the Master Key</title> | ||||
<para>The following commands generate a master key | <para>The following commands generate a master key that all | ||||
(<filename>/root/da2.key</filename>) that is protected | data will be encrypted with. This key can never be changed. | ||||
with a passphrase. The data source for the key file is | Rather than using it directly, it is encrypted with one | ||||
<filename>/dev/random</filename> and the sector size of | or more user keys. The user keys are made up of an | ||||
the provider (<filename>/dev/da2.eli</filename>) is 4kB as | optional combination of random bytes from a file, | ||||
a bigger sector size provides better performance:</para> | <filename>/root/da2.key</filename>, and/or a passphrase. | ||||
In this case, the data source for the key file is | |||||
<filename>/dev/random</filename>. This command also | |||||
configures the sector size of the provider | |||||
(<filename>/dev/da2.eli</filename>) as 4kB, for better | |||||
performance:</para> | |||||
<screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput> | <screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput> | ||||
&prompt.root; <userinput>geli init -s 4096 -K /root/da2.key /dev/da2</userinput> | &prompt.root; <userinput>geli init -K /root/da2.key -s 4096 /dev/da2</userinput> | ||||
Enter new passphrase: | Enter new passphrase: | ||||
Reenter new passphrase:</screen> | Reenter new passphrase:</screen> | ||||
<para>It is not mandatory to use both a passphrase and a key | <para>It is not mandatory to use both a passphrase and a key | ||||
file as either method of securing the master key can be | file as either method of securing the master key can be | ||||
used in isolation.</para> | used in isolation.</para> | ||||
<para>If the key file is given as <quote>-</quote>, standard | <para>If the key file is given as <quote>-</quote>, standard | ||||
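Review bot: In the rewritten paragraph, "This command also configures the sector size" is ambiguous because the screen block that follows shows two commands; name geli init explicitly. It would also help to state which command does what: dd only writes the random bytes to /root/da2.key, which the new text describes as part of a user key, yet the opening sentence "The following commands generate a master key" and the step title still read as if the key file were the master key. "Rather than using it directly, it is encrypted with one or more user keys" has a dangling modifier; consider "The master key is not used directly; it is encrypted with one or more user keys". Finally, "an optional combination of ... and/or a passphrase" states the optionality twice, and the unchanged paragraph below already says either method can be used in isolation, so "a key file, a passphrase, or both" would be enough. Since the text now says the master key can never be changed, a short sentence on what that means for the reader (for example, whether the user keys protecting it can be replaced) would make the statement actionable.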