Re: GBDE - Destroy command not working
It didn't work but after several other attempts. I've been able to run it using a specific combination. So to summarize, in my case, I can only run destroy : - using external lock files (-l parameter mandatory) - with the current key only (no -n -1 parameter to say destroy them all) - using /dev/xxx (xxx only doesn't work) First, what's not working : -- Without detached lockfile # kldload geom_bde # gbde init /dev/da0 -i # gbde attach da0 # gbde detach da0 # gbde destroy da0 Enter passphrase: gbde: read: Inappropriate ioctl for device and also # gbde destroy /dev/da0 Enter passphrase: gbde: No -L option and no space in sector 0 for lockfile -- With detached lockfile # gbde destroy da0 -l /etc/mykey Enter passphrase: gbde: Error 22 decrypting lock and then # gbde destroy /dev/da0 -l /etc/mykey Enter passphrase: Wrote key 0 at 5371894 And it worked for the current key. I also tried to use the -n x, --n x parameter (with x= -1, 1) but it never worked! At one point I even received a Fatal trap 12: page fault while in kernel mode (many of them in fact) Dany Nativel wrote: I've been playing around with GBDE under 5.2RC2-1. It's a fantastic encrypted FS. Following the man page, I've tried to use the destroy command but without success. Here is what I did to create the encrypted FS (for this test I didn't use the /dev/random to fill-up the disc). # kldload geom_bde # gbde init /dev/da0 -i # gbde setkey /dev/da0 -n 2 # gbde attach /dev/da0 # newfs /dev/da0.bde # mount /dev/da0.bde /mnt/usbkey -- use the FS, works fine # umount /mnt/usbkey # gbde detach da0 Then according to the man page I should use : #gbde destroy da0 -n -1 to purge all keys but I get : gbde: illegal option -- n so I changed to : #gbde destroy da0 --n -1 and got : gbde: read: Innapropriate ioctl for device so I changed to : #gbde destroy /dev/da0 --n -1 and this time I get the password prompt but it fails to destroy anything : Enter passphrase: Opened with key 0 gbde: No -L option and no space in sector 0 for lockfile Maybe I didn't understand the purpose of the this command. I thought it was going to replace each lock key with some random data. Can somebody explain me how to use the destroy command ? Thanks Dany ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: GBDE - Destroy command not working
Sorry I can not help you with your problem. An totally encrypted file system sounded very interesting, I tried to find GBDE in the FBSD ports/package collection and there is no hit on GBDE, or gbde, or encrypted FS. Would you please provide the ports name or an URL to where I can find out more about it? Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dany Nativel Sent: Monday, February 16, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: GBDE - Destroy command not working I've been playing around with GBDE under 5.2RC2-1. It's a fantastic encrypted FS. Following the man page, I've tried to use the destroy command but without success. Here is what I did to create the encrypted FS (for this test I didn't use the /dev/random to fill-up the disc). # kldload geom_bde # gbde init /dev/da0 -i # gbde setkey /dev/da0 -n 2 # gbde attach /dev/da0 # newfs /dev/da0.bde # mount /dev/da0.bde /mnt/usbkey -- use the FS, works fine # umount /mnt/usbkey # gbde detach da0 Then according to the man page I should use : #gbde destroy da0 -n -1 to purge all keys but I get : gbde: illegal option -- n so I changed to : #gbde destroy da0 --n -1 and got : gbde: read: Innapropriate ioctl for device so I changed to : #gbde destroy /dev/da0 --n -1 and this time I get the password prompt but it fails to destroy anything : Enter passphrase: Opened with key 0 gbde: No -L option and no space in sector 0 for lockfile Maybe I didn't understand the purpose of the this command. I thought it was going to replace each lock key with some random data. Can somebody explain me how to use the destroy command ? Thanks Dany ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: GBDE - Destroy command not working
You'll find more information in the handbook : http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html It can be enabled as a kernel option or loaded with klload so it's no part of the port tree but rather part of the base system (I hope I use the right wording here). Below you'll find some links to relevant documents. White paper on GBDE http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf Some slides on GBDE http://phk.freebsd.dk/pubs/bsdcon-03.slides.gbde.pdf Another how-to http://bsdhound.com/newsread_print.php?newsid=63 Encrypt a USB Thumbdrive using CFS or GBDE http://www.bsdnews.org/03/cryptusb.php And the man page http://www.freebsd.org/cgi/man.cgi?query=gbdesektion=4apropos=0manpath=FreeBSD+5.2-RELEASE+and+Ports JJB wrote: Sorry I can not help you with your problem. An totally encrypted file system sounded very interesting, I tried to find GBDE in the FBSD ports/package collection and there is no hit on GBDE, or gbde, or encrypted FS. Would you please provide the ports name or an URL to where I can find out more about it? Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dany Nativel Sent: Monday, February 16, 2004 6:11 PM To: [EMAIL PROTECTED] Subject: GBDE - Destroy command not working I've been playing around with GBDE under 5.2RC2-1. It's a fantastic encrypted FS. Following the man page, I've tried to use the destroy command but without success. Here is what I did to create the encrypted FS (for this test I didn't use the /dev/random to fill-up the disc). # kldload geom_bde # gbde init /dev/da0 -i # gbde setkey /dev/da0 -n 2 # gbde attach /dev/da0 # newfs /dev/da0.bde # mount /dev/da0.bde /mnt/usbkey -- use the FS, works fine # umount /mnt/usbkey # gbde detach da0 Then according to the man page I should use : #gbde destroy da0 -n -1 to purge all keys but I get : gbde: illegal option -- n so I changed to : #gbde destroy da0 --n -1 and got : gbde: read: Innapropriate ioctl for device so I changed to : #gbde destroy /dev/da0 --n -1 and this time I get the password prompt but it fails to destroy anything : Enter passphrase: Opened with key 0 gbde: No -L option and no space in sector 0 for lockfile Maybe I didn't understand the purpose of the this command. I thought it was going to replace each lock key with some random data. Can somebody explain me how to use the destroy command ? Thanks Dany ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
