https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194304
Bug ID: 194304
Summary: gbde does not announce destroyed keys
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
One key feature of GBDE is that it's supposed to say "The passphrase exists,
but the key has been destroyed." This feature no longer works. (See the
discussion at
https://lists.freebsd.org/pipermail/freebsd-hackers/2014-October/046239.html)
Here are some examples:
# gbde nuke gpt/encrypted -l /etc/encrypted.lock -n -1
Enter passphrase:
Opened with key 0
Nuked key 0
Nuked key 1
Nuked key 2
Nuked key 3
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#
The .bde device isn't there, and my filesystem is gone. But I received
no confirmation that the keys were destroyed.
I also didn't get a message that the device couldn't be attached,
although it clearly isn't.
Let's try 'gbde destroy'.
# gbde init /dev/gpt/encrypted -L /etc/encrypted.lock
Enter new passphrase:
Reenter new passphrase:
# gbde destroy gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
Opened with key 0
# gbde attach gpt/encrypted -l /etc/encrypted.lock
Enter passphrase:
#
The device isn't attached, it just fails silently. And failing with a
specific complaint is the whole point of GBDE.