Geli (software)

From Wikipedia, the free encyclopedia
Jump to: navigation, search

geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It utilises the GEOM disk framework. It was designed and implemented by Paweł Jakub Dawidek.[1]

Design details[edit]

geli was initially written to protect data on a user's computer in situations of physical theft of hardware, disallowing the thief access to the protected data. This has changed over time with the introduction of optional data authentication/integrity verification.[2]

geli allows the key to consist of several information components (a user entered passphrase, random bits from a file, etc.), permits multiple keys (a user key and a company key, for example) and can attach a provider with a random, one-time key. The user passphrase is strengthened with PKCS#5.[3]

Differences from GBDE[edit]

The geli utility is different from gbde in that it offers different features and uses a different scheme for doing cryptographic work. It supports the crypto framework within FreeBSD, allowing hardware cryptographic acceleration if available, as well as supporting more cryptographic algorithms (currently AES, Triple DES, Blowfish and Camellia) and data authentication/integrity verification via MD5, SHA1, RIPEMD160, SHA256, SHA384 or SHA512 as Hash Message Authentication Codes.[4]

See also[edit]

References[edit]

  1. ^ "Encrypting disk partitions". FreeBSD handbook. Retrieved 2009-05-08. 
  2. ^ "Data authentication for geli(8) committed to HEAD.". Retrieved 2009-05-08. 
  3. ^ "geli(8) man page". FreeBSD man pages. Retrieved 2009-05-08. 
  4. ^ "geli(8) man page". FreeBSD man pages. Retrieved 2009-05-08.