From e408c66d48e280ad57496f4a1e457bd692be362f Mon Sep 17 00:00:00 2001 From: Garrett Boone <47018474+garrettboone@users.noreply.github.com> Date: Thu, 21 Sep 2023 09:48:35 -0400 Subject: [PATCH 1/4] Update _index.adoc Change geli ealgo example to current default Current example of blowfish is no longer an option and geli(8) says AES-XTS is the default. --- documentation/content/en/books/handbook/disks/_index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/content/en/books/handbook/disks/_index.adoc b/documentation/content/en/books/handbook/disks/_index.adoc index 225f4be937a8..df1bbd61efd0 100644 --- a/documentation/content/en/books/handbook/disks/_index.adoc +++ b/documentation/content/en/books/handbook/disks/_index.adoc @@ -2176,7 +2176,7 @@ This example configures an encrypted swap partition using the Blowfish algorithm [.programlisting] .... # Device Mountpoint FStype Options Dump Pass# -/dev/ada0s1b.eli none swap sw,ealgo=blowfish,keylen=128,sectorsize=4096 0 0 +/dev/ada0s1b.eli none swap sw,ealgo=AES-XTS,keylen=128,sectorsize=4096 0 0 .... === Encrypted Swap Verification From 3f4adb887efa3b37a62d2002e349ebd894b994a8 Mon Sep 17 00:00:00 2001 From: Garrett Boone <47018474+garrettboone@users.noreply.github.com> Date: Thu, 21 Sep 2023 09:54:42 -0400 Subject: [PATCH 2/4] Update _index.adoc Change blowfish reference to AES-XTS --- documentation/content/en/books/handbook/disks/_index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/content/en/books/handbook/disks/_index.adoc b/documentation/content/en/books/handbook/disks/_index.adoc index df1bbd61efd0..15cc18d04cd8 100644 --- a/documentation/content/en/books/handbook/disks/_index.adoc +++ b/documentation/content/en/books/handbook/disks/_index.adoc @@ -2171,7 +2171,7 @@ The size of the blocks data is broken into before it is encrypted. Larger sector sizes increase performance at the cost of higher storage overhead. The recommended size is 4096 bytes. -This example configures an encrypted swap partition using the Blowfish algorithm with a key length of 128 bits and a sectorsize of 4 kilobytes: +This example configures an encrypted swap partition using the AES-XTS algorithm with a key length of 128 bits and a sectorsize of 4 kilobytes: [.programlisting] .... From 1fbcbd55c2af091e98bc1d4cf02b1793d85d49a6 Mon Sep 17 00:00:00 2001 From: Garrett Boone <47018474+garrettboone@users.noreply.github.com> Date: Thu, 21 Sep 2023 10:11:31 -0400 Subject: [PATCH 3/4] Update _index.adoc Update algos referenced for use by geli --- documentation/content/en/books/handbook/disks/_index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/content/en/books/handbook/disks/_index.adoc b/documentation/content/en/books/handbook/disks/_index.adoc index 15cc18d04cd8..4efa3776f0df 100644 --- a/documentation/content/en/books/handbook/disks/_index.adoc +++ b/documentation/content/en/books/handbook/disks/_index.adoc @@ -1976,7 +1976,7 @@ This control utility adds some features and uses a different scheme for doing cr It provides the following features: * Utilizes the man:crypto[9] framework and automatically uses cryptographic hardware when it is available. -* Supports multiple cryptographic algorithms such as AES, Blowfish, and 3DES. +* Supports multiple cryptographic algorithms such as AES-XTS, AES-CBC, and Camellia-CBCAES. * Allows the root partition to be encrypted. The passphrase used to access the encrypted root partition will be requested during system boot. * Allows the use of two independent keys. * It is fast as it performs simple sector-to-sector encryption. From 04a2bc3aaa37f733594b6f8f02bb566fde29b68e Mon Sep 17 00:00:00 2001 From: Garrett Boone <47018474+garrettboone@users.noreply.github.com> Date: Sat, 14 Oct 2023 09:29:13 -0400 Subject: [PATCH 4/4] Update documentation/content/en/books/handbook/disks/_index.adoc Remove whitespace Co-authored-by: Graham Perrin --- documentation/content/en/books/handbook/disks/_index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/content/en/books/handbook/disks/_index.adoc b/documentation/content/en/books/handbook/disks/_index.adoc index 4efa3776f0df..cffdcbcfb38c 100644 --- a/documentation/content/en/books/handbook/disks/_index.adoc +++ b/documentation/content/en/books/handbook/disks/_index.adoc @@ -1976,7 +1976,7 @@ This control utility adds some features and uses a different scheme for doing cr It provides the following features: * Utilizes the man:crypto[9] framework and automatically uses cryptographic hardware when it is available. -* Supports multiple cryptographic algorithms such as AES-XTS, AES-CBC, and Camellia-CBCAES. +* Supports multiple cryptographic algorithms such as AES-XTS, AES-CBC, and Camellia-CBCAES. * Allows the root partition to be encrypted. The passphrase used to access the encrypted root partition will be requested during system boot. * Allows the use of two independent keys. * It is fast as it performs simple sector-to-sector encryption.