Module Name:    src
Committed By:   riastradh
Date:           Fri Dec 11 21:52:19 UTC 2020

Modified Files:
        src/sbin/cgdconfig: cgdconfig.8

Log Message:
Touch up cgdconfig(8) man page.

- Suggest adiantum first.
- Remove references to Blowfish.
- Clarify that ivmethod is relevant only for ancient compatibility.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/sbin/cgdconfig/cgdconfig.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/cgdconfig/cgdconfig.8
diff -u src/sbin/cgdconfig/cgdconfig.8:1.47 src/sbin/cgdconfig/cgdconfig.8:1.48
--- src/sbin/cgdconfig/cgdconfig.8:1.47	Tue Jun 23 14:08:01 2020
+++ src/sbin/cgdconfig/cgdconfig.8	Fri Dec 11 21:52:19 2020
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.47 2020/06/23 14:08:01 wiz Exp $
+.\" $NetBSD: cgdconfig.8,v 1.48 2020/12/11 21:52:19 riastradh Exp $
 .\"
 .\" Copyright (c) 2002, The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 23, 2020
+.Dd December 11, 2020
 .Dt CGDCONFIG 8
 .Os
 .Sh NAME
@@ -104,6 +104,15 @@ This may need to obtain multiple passphr
 Generate a paramsfile (to stdout).
 .It Fl i Ar ivmeth
 Specify the IV method (default: encblkno1).
+.Pp
+Setting the IV method is needed only for compatibility with disks
+written with a very old version of
+.Xr cgd 4
+from before
+.Nx 5.0 ,
+released in 2010; see
+.Xr cgd 4
+for details.
 .It Fl k Ar kgmeth
 Specify the key generation method (default: pkcs5_pbkdf2/sha1).
 .It Fl l Op Ar cgd
@@ -144,8 +153,8 @@ Be verbose.
 May be specified multiple times.
 .El
 .Pp
-For more information about the cryptographic algorithms and IV methods
-supported, please refer to
+For more information about the cryptographic algorithms supported,
+please refer to
 .Xr cgd 4 .
 .Ss Key Generation Methods
 To generate the key which it will use,
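Review bot: dropping "and IV methods" from this pointer to cgd(4) conflicts with the two paragraphs added elsewhere in this patch, which both send the reader to cgd(4) for IV method details ("see .Xr cgd 4 for details"). Either keep IV methods in this sentence, or say here that cgd(4) covers them only for legacy disks.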
@@ -318,6 +327,15 @@ The following statements are defined:
 Defines the cryptographic algorithm.
 .It iv-method Ar string
 Defines the IV generation method.
+This should always be
+.Sq encblkno1
+except when dealing with disks written with a very old version of
+.Xr cgd 4
+from before
+.Nx 5.0 ,
+released in 2010; see
+.Xr cgd 4
+for details.
 .It keylength Ar integer
 Defines the length of the key.
 .It verify_method Ar string
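Review bot: the text added under iv-method repeats almost word for word the paragraph added under "-i ivmeth" earlier in this patch, including the "released in 2010" remark, so any later correction has to be made in two places. Consider keeping the full explanation in one of the two spots and reducing the other to a short cross-reference.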
@@ -352,12 +370,10 @@ configuration directory, used to store p
 cgd configuration file.
 .El
 .Sh EXAMPLES
-To set up and configure a cgd that uses AES with a 192 bit key
-in CBC mode with the IV Method
-.Sq encblkno1
-(encrypted block number):
+To set up and configure a cgd that uses adiantum, which takes a 256-bit
+key:
 .Bd -literal
-	# cgdconfig -g -o /etc/cgd/wd0e aes-cbc 192
+	# cgdconfig -g -o /etc/cgd/wd0e adiantum 256
 	# cgdconfig cgd0 /dev/wd0e
 	/dev/wd0e's passphrase:
 .Ed
@@ -370,7 +386,7 @@ when we configure the first time to set 
 Here is the
 sequence of commands that is recommended:
 .Bd -literal
-	# cgdconfig -g -o /etc/cgd/wd0e -V disklabel aes-cbc
+	# cgdconfig -g -o /etc/cgd/wd0e -V disklabel adiantum
 	# cgdconfig -V re-enter cgd0 /dev/wd0e
 	/dev/wd0e's passphrase:
 	re-enter device's passphrase:
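Review bot: the changed command "cgdconfig -g -o /etc/cgd/wd0e -V disklabel adiantum" gives no key length, while the other adiantum examples in this patch pass 256 and the first example says adiantum takes a 256-bit key. Add 256 here for consistency, or state in the surrounding text that the length may be omitted.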
@@ -382,7 +398,7 @@ sequence of commands that is recommended
 .Pp
 To scrub data from a disk before setting up a cgd:
 .Bd -literal
-	# cgdconfig -s cgd0 /dev/sd0e aes-cbc 256 < /dev/urandom
+	# cgdconfig -s cgd0 /dev/sd0e adiantum 256 < /dev/urandom
 	# dd if=/dev/zero of=/dev/rcgd0d bs=32k progress=512
 	# cgdconfig -u cgd0
 .Ed
@@ -395,10 +411,10 @@ parameters file:
 	new file's passphrase:
 .Ed
 .Pp
-To configure a cgd that uses Blowfish with a 200 bit key that it
+To configure a cgd that uses aes-cbc with a 192 bit key that it
 reads from stdin:
 .Bd -literal
-	# cgdconfig -s cgd0 /dev/sd0h blowfish-cbc 200
+	# cgdconfig -s cgd0 /dev/sd0h aes-cbc 192
 .Ed
 .Pp
 An example parameters file which uses PKCS#5 PBKDF2:
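Review bot: style point in the new sentence: "192 bit key" is unhyphenated, while the adiantum example added earlier in this patch writes "256-bit key". Use "192-bit" here so the EXAMPLES section is consistent.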
@@ -416,7 +432,7 @@ An example parameters file which uses PK
 .Pp
 An example parameters file which stores its key locally:
 .Bd -literal
-	algorithm       aes-cbc;
+	algorithm       adiantum;
 	iv-method       encblkno1;
 	keylength       256;
 	verify_method   none;
