Geli a gbde - pripominky

[Kaminar]

Zdravim,

hral jsem si se sifrovnim disku pomoci gbde a geli a nasel jsem nejake veci,
o kterych si myslim, ze jsou chybne nebo ne zcela spravne. Myslim, ze by bylo
dobre to nekam poslat, aby to bylo k uzitku. Proto jsem to uz zacal sepisovat
primo v anglictine a posilam to sem z nasledujicich duvodu:

  1) Nevim kam to poslat.
  2) Nevim, jestli to neni v 7R nebo nekde jinde uz opravene nebo se to uz
     neresi nebo se to nekde uz neprobiralo.
  3) Vice hlav vic vi.


Karel

--------------------------------------------------------------------------------

Tested on FreeBSD 6.1R on memory disk created as below:

  # dd if=/dev/zero of=disk.img bs=1m count=100
  # mdconfig -a -t vnode -f disk.img -u 0

  Disk was ciphering only with passphrase and keyfile wasn't used.


GELI:
-----

 - For actions: delkey, backup, clear, dump and kill it should require
   passphrase/keyfile. (May not for kill action?)

 - In case performing backup action on not geli provider "geli backup provider
   metadata-backup" warning message displayed but zero-size metadata-backup
   file created. It should not create any file.


GBDE:
-----

 - When attaching destination with bad passphrase no warning message appears
   about destination is not attached and zero return value returned.

   Example:

    # dd if=/dev/zero of=disk.img bs=1m count=100
    # mdconfig -a -t vnode -f disk.img -u 0
    # gbde init /dev/md0
    <passphrase enter>
    # gbde attach /dev/md0 ; echo $?
    Enter passphrase: <bad passphrase>
    0

   It should be non zero return value at least.

 - When "gbde nuke destination -n -1" no warning message appears about every
   keys will be lost.

 - Error in man gbde(8) in EXAMPLES section:

    "To destroy all copies of the masterkey:

              gbde destroy ad0s1f -n -1"

   It should be "gbde nuke ad0s1f -n -1"

--------------------------------------------------------------------------------