geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It uses the GEOM disk framework. It was designed and implemented by Paweł Jakub Dawidek.[1]
Design details
editgeli was initially written to protect data on a user's computer in situations of physical theft of hardware, disallowing the thief access to the protected data. This has changed over time with the introduction of optional data authentication/integrity verification.[2]
geli allows the key to consist of several information components (a user entered passphrase, random bits from a file, etc.), permits up to 2 keys (a user key and a company key, for example),[3] and can attach a provider with a random, one-time key. The user passphrase is strengthened with PKCS#5.[4]
Differences from GBDE
editThe geli utility is different from gbde in that it offers different features and uses a different scheme for doing cryptographic work. It supports the crypto framework within FreeBSD, allowing hardware cryptographic acceleration if available, as well as supporting more cryptographic algorithms (currently AES, Triple DES, Blowfish and Camellia) and data authentication/integrity verification via MD5, SHA1, RIPEMD160, SHA256, SHA384 or SHA512 as Hash Message Authentication Codes.[4]
See also
editReferences
edit- ^ Lucky Green. "Encrypting disk partitions". FreeBSD handbook. Retrieved 2015-06-14.
- ^ Dawidek, Pawel Jakub (2006-06-08). "Data authentication for geli(8) committed to HEAD". Retrieved 2015-06-14.
- ^ "g_eli.h:255". Retrieved 5 January 2024.
- ^ a b "GELI(8)". FreeBSD man pages. Retrieved 2015-06-14.