Geli (software)

geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It utilises the GEOM disk framework. It was designed and implemented by Paweł Jakub Dawidek.[1]

Design details

geli was initially written to protect data on a user's computer in situations of physical theft of hardware, disallowing the thief access to the protected data. This has changed over time with the introduction of optional data authentication/integrity verification.[2]

geli allows the key to consist of several information components (a user entered passphrase, random bits from a file, etc.), permits multiple keys (a user key and a company key, for example) and can attach a provider with a random, one-time key. The user passphrase is strengthened with PKCS#5.[3]

Differences from GBDE

The geli utility is different from gbde in that it offers different features and uses a different scheme for doing cryptographic work. It supports the crypto framework within FreeBSD, allowing hardware cryptographic acceleration if available, as well as supporting more cryptographic algorithms (currently AES, Triple DES, Blowfish and Camellia) and data authentication/integrity verification via MD5, SHA1, RIPEMD160, SHA256, SHA384 or SHA512 as Hash Message Authentication Codes.[3]

See also

References

  1. Lucky Green. "Encrypting disk partitions". FreeBSD handbook. Retrieved 2015-06-14.
  2. Dawidek, Pawel Jakub (2006-06-08). "Data authentication for geli(8) committed to HEAD.". Retrieved 2015-06-14.
  3. 1 2 "GELI(8)". FreeBSD man pages. Retrieved 2015-06-14.
This article is issued from Wikipedia - version of the Wednesday, February 10, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.