Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sbin/cgdconfig Touch up cgdconfig(8) man page.
details: https://anonhg.NetBSD.org/src/rev/6c145629f319
branches: trunk
changeset: 979023:6c145629f319
user: riastradh <riastradh%NetBSD.org@localhost>
date: Fri Dec 11 21:52:19 2020 +0000
description:
Touch up cgdconfig(8) man page.
- Suggest adiantum first.
- Remove references to Blowfish.
- Clarify that ivmethod is relevant only for ancient compatibility.
diffstat:
sbin/cgdconfig/cgdconfig.8 | 44 ++++++++++++++++++++++++++++++--------------
1 files changed, 30 insertions(+), 14 deletions(-)
diffs (117 lines):
diff -r 858d17c800a7 -r 6c145629f319 sbin/cgdconfig/cgdconfig.8
--- a/sbin/cgdconfig/cgdconfig.8 Fri Dec 11 21:40:50 2020 +0000
+++ b/sbin/cgdconfig/cgdconfig.8 Fri Dec 11 21:52:19 2020 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.47 2020/06/23 14:08:01 wiz Exp $
+.\" $NetBSD: cgdconfig.8,v 1.48 2020/12/11 21:52:19 riastradh Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd June 23, 2020
+.Dd December 11, 2020
.Dt CGDCONFIG 8
.Os
.Sh NAME
@@ -104,6 +104,15 @@
Generate a paramsfile (to stdout).
.It Fl i Ar ivmeth
Specify the IV method (default: encblkno1).
+.Pp
+Setting the IV method is needed only for compatibility with disks
+written with a very old version of
+.Xr cgd 4
+from before
+.Nx 5.0 ,
+released in 2010; see
+.Xr cgd 4
+for details.
.It Fl k Ar kgmeth
Specify the key generation method (default: pkcs5_pbkdf2/sha1).
.It Fl l Op Ar cgd
@@ -144,8 +153,8 @@
May be specified multiple times.
.El
.Pp
-For more information about the cryptographic algorithms and IV methods
-supported, please refer to
+For more information about the cryptographic algorithms supported,
+please refer to
.Xr cgd 4 .
.Ss Key Generation Methods
To generate the key which it will use,
@@ -318,6 +327,15 @@
Defines the cryptographic algorithm.
.It iv-method Ar string
Defines the IV generation method.
+This should always be
+.Sq encblkno1
+except when dealing with disks written with a very old version of
+.Xr cgd 4
+from before
+.Nx 5.0 ,
+released in 2010; see
+.Xr cgd 4
+for details.
.It keylength Ar integer
Defines the length of the key.
.It verify_method Ar string
@@ -352,12 +370,10 @@
cgd configuration file.
.El
.Sh EXAMPLES
-To set up and configure a cgd that uses AES with a 192 bit key
-in CBC mode with the IV Method
-.Sq encblkno1
-(encrypted block number):
+To set up and configure a cgd that uses adiantum, which takes a 256-bit
+key:
.Bd -literal
- # cgdconfig -g -o /etc/cgd/wd0e aes-cbc 192
+ # cgdconfig -g -o /etc/cgd/wd0e adiantum 256
# cgdconfig cgd0 /dev/wd0e
/dev/wd0e's passphrase:
.Ed
@@ -370,7 +386,7 @@
Here is the
sequence of commands that is recommended:
.Bd -literal
- # cgdconfig -g -o /etc/cgd/wd0e -V disklabel aes-cbc
+ # cgdconfig -g -o /etc/cgd/wd0e -V disklabel adiantum
# cgdconfig -V re-enter cgd0 /dev/wd0e
/dev/wd0e's passphrase:
re-enter device's passphrase:
@@ -382,7 +398,7 @@
.Pp
To scrub data from a disk before setting up a cgd:
.Bd -literal
- # cgdconfig -s cgd0 /dev/sd0e aes-cbc 256 < /dev/urandom
+ # cgdconfig -s cgd0 /dev/sd0e adiantum 256 < /dev/urandom
# dd if=/dev/zero of=/dev/rcgd0d bs=32k progress=512
# cgdconfig -u cgd0
.Ed
@@ -395,10 +411,10 @@
new file's passphrase:
.Ed
.Pp
-To configure a cgd that uses Blowfish with a 200 bit key that it
+To configure a cgd that uses aes-cbc with a 192 bit key that it
reads from stdin:
.Bd -literal
- # cgdconfig -s cgd0 /dev/sd0h blowfish-cbc 200
+ # cgdconfig -s cgd0 /dev/sd0h aes-cbc 192
.Ed
.Pp
An example parameters file which uses PKCS#5 PBKDF2:
@@ -416,7 +432,7 @@
.Pp
An example parameters file which stores its key locally:
.Bd -literal
- algorithm aes-cbc;
+ algorithm adiantum;
iv-method encblkno1;
keylength 256;
verify_method none;
Home |
Main Index |
Thread Index |
Old Index