From d399c98a368946d314c28a844d7161f3feb33ebc Mon Sep 17 00:00:00 2001 From: Dru Lavigne Date: Tue, 29 Apr 2014 16:58:41 +0000 Subject: [PATCH] White space fix only. Translators can ignore. Sponsored by: iXsystems --- .../books/handbook/disks/chapter.xml | 146 +++++++++--------- 1 file changed, 71 insertions(+), 75 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/disks/chapter.xml b/en_US.ISO8859-1/books/handbook/disks/chapter.xml index 54e52885ce..b9e6540f2f 100644 --- a/en_US.ISO8859-1/books/handbook/disks/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/disks/chapter.xml @@ -2413,19 +2413,20 @@ Quotas for user test: analyze the data. Regardless of how an attacker may have come into possession - of a hard drive or powered-down computer, the GEOM-based - cryptographic subsystems built into &os; are - able to protect the data on the computer's file systems against - even highly-motivated attackers with significant resources. - Unlike encryption methods that encrypt individual files, the built-in - gbde and geli utilities can be used to - transparently encrypt entire file systems. No cleartext ever - touches the hard drive's platter. + of a hard drive or powered-down computer, the + GEOM-based cryptographic subsystems built + into &os; are able to protect the data on the computer's file + systems against even highly-motivated attackers with significant + resources. Unlike encryption methods that encrypt individual + files, the built-in gbde and + geli utilities can be used to transparently + encrypt entire file systems. No cleartext ever touches the hard + drive's platter. - This chapter demonstrates how to create an encrypted file - system on &os;. It first demonstrates the process using - gbde and then demonstrates the same example - using geli. + This chapter demonstrates how to create an encrypted file + system on &os;. It first demonstrates the process using + gbde and then demonstrates the same example + using geli. Disk Encryption with 
@@ -2622,10 +2623,10 @@ gbde_devices="<replaceable>ad4s1c</replaceable>" gbde_lockdir="/etc/gbde"</programlisting> <para>This requires that the passphrase be entered at the - console at boot time. After typing the correct passphrase, the - encrypted partition will be mounted automatically. Additional - <application>gbde</application> boot options are available and - listed in &man.rc.conf.5;.</para> + console at boot time. After typing the correct passphrase, + the encrypted partition will be mounted automatically. + Additional <application>gbde</application> boot options are + available and listed in &man.rc.conf.5;.</para> <!-- What about bsdinstall? @@ -2658,21 +2659,23 @@ What about bsdinstall? </authorgroup> </info> - <para>An alternative cryptographic <acronym>GEOM</acronym> class is available - using <command>geli</command>. This control utility adds - some features and uses - a different scheme for doing cryptographic work. It provides - the following features:</para> + <para>An alternative cryptographic <acronym>GEOM</acronym> class + is available using <command>geli</command>. This control + utility adds some features and uses a different scheme for + doing cryptographic work. It provides the following + features:</para> <itemizedlist> <listitem> - <para>Utilizes the &man.crypto.9; framework and automatically uses - cryptographic hardware when it is available.</para> + <para>Utilizes the &man.crypto.9; framework and + automatically uses cryptographic hardware when it is + available.</para> </listitem> <listitem> <para>Supports multiple cryptographic algorithms such as - <acronym>AES</acronym>, Blowfish, and <acronym>3DES</acronym>.</para> + <acronym>AES</acronym>, Blowfish, and + <acronym>3DES</acronym>.</para> </listitem> <listitem> 
@@ -2686,14 +2689,14 @@ What about bsdinstall? </listitem> <listitem> - <para>It is fast as it performs simple - sector-to-sector encryption.</para> + <para>It is fast as it performs simple sector-to-sector + encryption.</para> </listitem> <listitem> <para>Allows backup and restore of master keys. If a user - destroys their keys, it is still possible to get access - to the data by restoring keys from the backup.</para> + destroys their keys, it is still possible to get access to + the data by restoring keys from the backup.</para> </listitem> <listitem> @@ -2706,17 +2709,15 @@ What about bsdinstall? <para>More features and usage examples can be found in &man.geli.8;.</para> - <para>The following example describes how to generate a - key file which will be used as part of the master key for - the encrypted provider mounted under - <filename>/private</filename>. The key - file will provide some random data used to encrypt the - master key. The master key will also be protected by a - passphrase. The provider's sector size will be 4kB. - The example describes how to attach to the - <command>geli</command> provider, create a file system on - it, mount it, work with it, and finally, how to detach - it.</para> + <para>The following example describes how to generate a key file + which will be used as part of the master key for the encrypted + provider mounted under <filename>/private</filename>. The key + file will provide some random data used to encrypt the master + key. The master key will also be protected by a passphrase. + The provider's sector size will be 4kB. The example describes + how to attach to the <command>geli</command> provider, create + a file system on it, mount it, work with it, and finally, how + to detach it.</para> <procedure> <title>Encrypting a Partition with 
@@ -2748,12 +2749,11 @@ device crypto</programlisting> <title>Generate the Master Key The following commands generate a master key - (/root/da2.key) that is protected with a passphrase. - The data source for the key file is + (/root/da2.key) that is protected + with a passphrase. The data source for the key file is /dev/random and the sector size of - the provider (/dev/da2.eli) is - 4kB as a bigger sector size provides - better performance: + the provider (/dev/da2.eli) is 4kB as + a bigger sector size provides better performance: &prompt.root; dd if=/dev/random of=/root/da2.key bs=64 count=1 &prompt.root; geli init -s 4096 -K /root/da2.key /dev/da2 @@ -2765,8 +2765,8 @@ Reenter new passphrase: used in isolation. If the key file is given as -, standard - input will be used. For example, this command generates three - key files: + input will be used. For example, this command generates + three key files: &prompt.root; cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2 
@@ -2812,41 +2812,37 @@ Filesystem Size Used Avail Capacity Mounted on - Once the work on the encrypted partition is done, and - the /private - partition is no longer needed, it is prudent to put the - device into cold storage by - unmounting and detaching the geli - encrypted partition from the kernel: + Once the work on the encrypted partition is done, and the + /private partition is no longer needed, + it is prudent to put the device into cold storage by + unmounting and detaching the geli encrypted + partition from the kernel: - &prompt.root; umount /private + &prompt.root; umount /private &prompt.root; geli detach da2.eli - An - rc.d script is provided to - simplify the mounting of geli-encrypted - devices at boot time. For this example, add these lines to - /etc/rc.conf: + An rc.d script is provided to + simplify the mounting of geli-encrypted + devices at boot time. For this example, add these lines to + /etc/rc.conf: - geli_devices="da2" + geli_devices="da2" geli_da2_flags="-p -k /root/da2.key" - This configures /dev/da2 as a - geli provider with a master key - of /root/da2.key. - The system will automatically detach - the provider from the kernel before - the system shuts down. During the startup process, the script will prompt for the - passphrase before attaching the - provider. Other kernel messages might be shown before and - after the password prompt. If the boot process seems to - stall, look carefully for the password prompt among the - other messages. Once the correct passphrase is entered, the provider is - attached. The file system is then mounted, - typically by an entry in - /etc/fstab. Refer to for instructions on how to - configure a file system to mount at boot time. + This configures /dev/da2 as a + geli provider with a master key of + /root/da2.key. The system will + automatically detach the provider from the kernel before the + system shuts down. 
During the startup process, the script + will prompt for the passphrase before attaching the provider. + Other kernel messages might be shown before and after the + password prompt. If the boot process seems to stall, look + carefully for the password prompt among the other messages. + Once the correct passphrase is entered, the provider is + attached. The file system is then mounted, typically by an + entry in /etc/fstab. Refer to for instructions on how to + configure a file system to mount at boot time.
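Review bot: In the "Generate the Master Key" hunk (@@ -2748), the re-wrapped sentence "For example, this command generates three key files:" does not match the command that follows it, "cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2", which reads three existing key files from standard input rather than generating any. The same hunk calls /root/da2.key "a master key", while the overview paragraph in the @@ -2706 hunk describes it as a key file used as part of the master key. Both wordings are carried over unchanged by the re-wrap and are out of scope for a whitespace-only commit, so a follow-up content commit could reword them, for example "this command uses three key files" and "generate a key file (/root/da2.key)".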
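Review bot: In the /etc/rc.conf listing of the last hunk (@@ -2812), the context line geli_da2_flags="-p -k /root/da2.key" conflicts with the paragraph re-wrapped directly below it, which says the script "will prompt for the passphrase before attaching the provider", and with the geli init step in the @@ -2748 hunk, which sets a passphrase. In geli(8), -p on attach means no passphrase is used as a component of the key, so the provider initialized as shown would not attach with this flag, and a provider set up to attach this way would be protected only by a key file kept on the same machine. This is outside a whitespace-only change; suggest a follow-up that drops -p so the listing reads geli_da2_flags="-k /root/da2.key".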