geli was initially written to protect data on a user's computer in situations of physical theft of hardware, disallowing the thief access to the protected data. This has changed over time with the introduction of optional data authentication/integrity verification.
geli allows the key to consist of several information components (a user entered passphrase, random bits from a file, etc.), permits multiple keys (a user key and a company key, for example) and can attach a provider with a random, one-time key. The user passphrase is strengthened with PKCS#5.
Differences from GBDE
The geli utility is different from gbde in that it offers different features and uses a different scheme for doing cryptographic work. It supports the crypto framework within FreeBSD, allowing hardware cryptographic acceleration if available, as well as supporting more cryptographic algorithms (currently AES, Triple DES, Blowfish and Camellia) and data authentication/integrity verification via MD5, SHA1, RIPEMD160, SHA256, SHA384 or SHA512 as Hash Message Authentication Codes.
- Lucky Green. "Encrypting disk partitions". FreeBSD handbook. Retrieved 2015-06-14.
- Dawidek, Pawel Jakub (2006-06-08). "Data authentication for geli(8) committed to HEAD". Retrieved 2015-06-14.
- "GELI(8)". FreeBSD man pages. Retrieved 2015-06-14.