Geli (software)
geli is a block device-layer disk encryption system written for FreeBSD, introduced in FreeBSD 6.0. It is built on the GEOM disk framework and was designed and implemented by Pawel Jakub Dawidek.

Design details

geli was initially written to protect data on a user's computer against physical theft of the hardware, denying a thief access to the protected data. Its scope has since widened with the introduction of optional data authentication (integrity verification), which also detects unauthorised modification of encrypted sectors.

geli allows the key to be composed of several components (a user-entered passphrase, random bits from a key file, or both), permits multiple independent keys for one provider (a user key and a company escrow key, for example), and can attach a provider with a random, one-time key that is never stored, so the data becomes unrecoverable once the provider is detached. A user passphrase is strengthened with PKCS#5 v2 (PBKDF2) before it is used as key material.
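The following added example (written for this page, not geli's own code or on-disk format) illustrates the three key-handling properties described above: a user key folded together from a PBKDF2-stretched passphrase and a key file, several user keys each unlocking the same randomly generated master key, and a one-time key that leaves nothing to reopen. The iteration count, the HMAC-based mixing order and the XOR-style wrap of the master key are assumptions chosen to stay within the Python standard library; geli's real metadata layout differs.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Illustrative parameters (assumptions for this example, not geli's own values).
PBKDF2_ITERATIONS = 200_000
KEY_LEN = 64  # bytes; the output length of HMAC-SHA512


def derive_user_key(passphrase: Optional[bytes], keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Fold the supplied key components into one 64-byte user key.

    The passphrase is stretched with PKCS#5 v2 PBKDF2 (HMAC-SHA512) before use;
    raw key-file bytes need no stretching. Both components are mixed through
    HMAC-SHA512, so omitting or changing either one yields an unrelated key.
    """
    if passphrase is None and keyfile is None:
        raise ValueError("at least one key component is required")
    mixer = hmac.new(salt, digestmod=hashlib.sha512)
    if keyfile is not None:
        mixer.update(keyfile)
    if passphrase is not None:
        mixer.update(hashlib.pbkdf2_hmac("sha512", passphrase, salt, PBKDF2_ITERATIONS, dklen=KEY_LEN))
    return mixer.digest()


def wrap_master_key(master_key: bytes, user_key: bytes) -> bytes:
    """Wrap the master key under one user key (one metadata 'slot').

    Confidentiality: XOR with a 64-byte pad derived from the user key. Each
    user key wraps exactly one master key here, so the pad is never reused.
    Integrity: HMAC-SHA512 over the wrapped bytes, so the wrong key is
    detected instead of silently producing garbage.
    """
    pad = hmac.new(user_key, b"wrap", hashlib.sha512).digest()
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(user_key, b"tag" + wrapped, hashlib.sha512).digest()
    return wrapped + tag


def unwrap_master_key(blob: bytes, user_key: bytes) -> Optional[bytes]:
    """Return the master key, or None if the user key does not fit this slot."""
    wrapped, tag = blob[:KEY_LEN], blob[KEY_LEN:]
    expected = hmac.new(user_key, b"tag" + wrapped, hashlib.sha512).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = hmac.new(user_key, b"wrap", hashlib.sha512).digest()
    return bytes(a ^ b for a, b in zip(wrapped, pad))


def init_provider(user_keys: List[bytes]) -> Tuple[bytes, List[bytes]]:
    """Create one random master key and wrap it once per user key.

    An empty key list models a one-time provider: the master key exists only
    in memory and no slot can ever recover it again.
    """
    master = secrets.token_bytes(KEY_LEN)
    return master, [wrap_master_key(master, k) for k in user_keys]


def attach(slots: List[bytes], user_key: bytes) -> Optional[bytes]:
    """Try the supplied user key against every slot; return the master key on success."""
    for blob in slots:
        master = unwrap_master_key(blob, user_key)
        if master is not None:
            return master
    return None


def demo() -> dict:
    """Exercise the scheme with constructed inputs and report each outcome."""
    salt = bytes(range(32))            # constructed, fixed so the demo is reproducible
    keyfile = bytes(range(256)) * 4    # constructed stand-in for 1 KiB of key-file bits
    user_key = derive_user_key(b"correct horse", keyfile, salt)
    company_key = derive_user_key(b"company escrow passphrase", None, salt)
    master, slots = init_provider([user_key, company_key])
    _onetime_master, onetime_slots = init_provider([])
    return {
        "user_opens": attach(slots, user_key) == master,
        "company_opens": attach(slots, company_key) == master,
        "passphrase_alone_fails": attach(slots, derive_user_key(b"correct horse", None, salt)) is None,
        "wrong_passphrase_fails": attach(slots, derive_user_key(b"wrong", keyfile, salt)) is None,
        "onetime_unrecoverable": attach(onetime_slots, user_key) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The point to carry over to real deployments: with a passphrase plus key file, an attacker who steals only the disk and the key file still faces the PBKDF2 cost on the passphrase, and one who captures only the passphrase gets nothing without the file.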

Differences from GBDE

The geli utility differs from gbde in the features it offers and in the scheme it uses for its cryptographic work. geli uses the crypto framework within FreeBSD, allowing hardware cryptographic acceleration where available, and supports more cryptographic algorithms (currently AES, Triple DES, Blowfish and Camellia). It also offers optional data authentication (integrity verification) using MD5, SHA1, RIPEMD160, SHA256, SHA384 or SHA512 in the HMAC construction. When authentication is enabled, each sector carries its own authentication tag, so a sector that has been modified or replaced on disk is rejected on read rather than silently decrypted to garbage.
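As an added example (not geli's implementation), the following shows what per-sector HMAC authentication buys over plain encryption: each sector's already-encrypted payload is tagged with HMAC-SHA256 over the sector number and the payload, leaving the tag in the tail of the sector. The sector size, tag placement and the inclusion of the sector number in the MAC input are assumptions made for the example; the constructed "ciphertext" is just a deterministic byte pattern standing in for real encrypted data.

```python
import hashlib
import hmac
from typing import Optional

SECTOR_SIZE = 512
TAG_LEN = 32                          # HMAC-SHA256 output
DATA_LEN = SECTOR_SIZE - TAG_LEN      # payload bytes left per sector after the tag


def sector_tag(auth_key: bytes, sector_no: int, ciphertext: bytes) -> bytes:
    """HMAC-SHA256 over (sector number || ciphertext).

    Binding the sector number is what stops an attacker from copying a valid
    (ciphertext, tag) pair from one sector over another: the pair still
    verifies as a whole, but not at the new position.
    """
    return hmac.new(auth_key, sector_no.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()


def write_sector(auth_key: bytes, sector_no: int, ciphertext: bytes) -> bytes:
    """Return the on-disk sector: payload followed by its authentication tag."""
    if len(ciphertext) != DATA_LEN:
        raise ValueError(f"payload must be exactly {DATA_LEN} bytes")
    return ciphertext + sector_tag(auth_key, sector_no, ciphertext)


def read_sector(auth_key: bytes, sector_no: int, stored: bytes) -> Optional[bytes]:
    """Verify the tag and return the payload, or None on any mismatch.

    A real block layer would fail the I/O (EIO) instead of returning None;
    the important part is that unverified bytes never reach the caller.
    """
    if len(stored) != SECTOR_SIZE:
        return None
    ciphertext, tag = stored[:DATA_LEN], stored[DATA_LEN:]
    if not hmac.compare_digest(tag, sector_tag(auth_key, sector_no, ciphertext)):
        return None
    return ciphertext


def fake_ciphertext(sector_no: int) -> bytes:
    """Constructed stand-in for an encrypted payload; not real ciphertext."""
    return bytes((sector_no * 7 + i) & 0xFF for i in range(DATA_LEN))


def demo_integrity() -> dict:
    """Write two sectors, then try the attacks that authentication should catch."""
    auth_key = hashlib.sha256(b"constructed authentication key").digest()
    disk = {n: write_sector(auth_key, n, fake_ciphertext(n)) for n in (3, 7)}

    tampered = bytearray(disk[3])
    tampered[10] ^= 0x01                       # flip one bit of sector 3's payload

    return {
        "intact_reads": read_sector(auth_key, 3, disk[3]) == fake_ciphertext(3),
        "bit_flip_rejected": read_sector(auth_key, 3, bytes(tampered)) is None,
        "sector_swap_rejected": read_sector(auth_key, 3, disk[7]) is None,
        "wrong_key_rejected": read_sector(hashlib.sha256(b"other").digest(), 3, disk[3]) is None,
    }


if __name__ == "__main__":
    print(demo_integrity())
```

The cost is visible in DATA_LEN: part of every physical sector is spent on the tag, which is why enabling authentication reduces the usable size the encrypted provider exposes.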

See also

  • GBDE
  • Disk encryption
  • Disk encryption software
  • Comparison of disk encryption software

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.