summaryrefslogtreecommitdiffstats
path: root/sbin/gbde
diff options
context:
space:
mode:
authorsjg <sjg@FreeBSD.org>2014-11-19 01:07:58 +0000
committersjg <sjg@FreeBSD.org>2014-11-19 01:07:58 +0000
commitb137080f19736ee33fede2e88bb54438604cf86b (patch)
tree377ac0ac449528621eb192cd245adadb5fd53668 /sbin/gbde
parentab21a29eb607d4dfe389b965fbdee27558e791aa (diff)
parent4a8d07956d121238d006d34ffe7d6269744e8b1a (diff)
downloadFreeBSD-src-b137080f19736ee33fede2e88bb54438604cf86b.zip
FreeBSD-src-b137080f19736ee33fede2e88bb54438604cf86b.tar.gz
Merge from head@274682
Diffstat (limited to 'sbin/gbde')
-rw-r--r--sbin/gbde/gbde.820
-rw-r--r--sbin/gbde/gbde.c7
2 files changed, 20 insertions, 7 deletions
diff --git a/sbin/gbde/gbde.8 b/sbin/gbde/gbde.8
index 47c2e21..0578287 100644
--- a/sbin/gbde/gbde.8
+++ b/sbin/gbde/gbde.8
@@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 1, 2013
+.Dd August 27, 2014
.Dt GBDE 8
.Os
.Sh NAME
@@ -233,9 +233,23 @@ pass-phrase:
.Pp
.Dl "gbde setkey ada0s1f -n 2 -P foo -L key2.lockfile"
.Pp
-To destroy all copies of the masterkey:
+To invalidate your own masterkey:
.Pp
-.Dl "gbde destroy ada0s1f -n -1"
+.Dl "gbde nuke ada0s1f"
+.Pp
+This will overwrite your masterkey sector with zeros, and results in
+a diagnostic if you try to use the key again.
+You can also destroy the other three copies of the masterkey with the
+-n argument.
+.Pp
+You can also invalidate your masterkey without leaving a tell-tale sector
+full of zeros:
+.Pp
+.Dl "gbde destroy ada0s1f"
+.Pp
+This will overwrite the information fields in your masterkey sector,
+encrypt it and write it back.
+You get a (different) diagnostic if you try to use it.
.Sh SEE ALSO
.Xr gbde 4 ,
.Xr geom 4
diff --git a/sbin/gbde/gbde.c b/sbin/gbde/gbde.c
index b6baa95..3dca212 100644
--- a/sbin/gbde/gbde.c
+++ b/sbin/gbde/gbde.c
@@ -300,7 +300,6 @@ cmd_attach(const struct g_bde_softc *sc, const char *dest, const char *lfile)
gctl_ro_param(r, "key", 16, buf);
close(ffd);
}
- /* gctl_dump(r, stdout); */
errstr = gctl_issue(r);
if (errstr != NULL)
errx(1, "Attach to %s failed: %s", dest, errstr);
@@ -371,7 +370,7 @@ cmd_open(struct g_bde_softc *sc, int dfd , const char *l_opt, u_int *nkey)
if (error != 0)
errx(1, "Error %d decrypting lock", error);
if (nkey)
- printf("Opened with key %u\n", *nkey);
+ printf("Opened with key %u\n", 1 + *nkey);
return;
}
@@ -392,7 +391,7 @@ cmd_nuke(struct g_bde_key *gl, int dfd , int key)
free(sbuf);
if (i != (int)gl->sectorsize)
err(1, "write");
- printf("Nuked key %d\n", key);
+ printf("Nuked key %d\n", 1 + key);
}
static void
@@ -493,7 +492,7 @@ cmd_destroy(struct g_bde_key *gl, int nkey)
bzero(&gl->sector0, sizeof gl->sector0);
bzero(&gl->sectorN, sizeof gl->sectorN);
bzero(&gl->keyoffset, sizeof gl->keyoffset);
- bzero(&gl->flags, sizeof gl->flags);
+ gl->flags &= GBDE_F_SECT0;
bzero(gl->mkey, sizeof gl->mkey);
for (i = 0; i < G_BDE_MAXKEYS; i++)
if (i != nkey)
OpenPOWER on IntegriCloud