Geli (software) - AbsoluteAstronomy.com

geli is a block device-layer disk encryption

Disk encryption

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device . This article presents cryptographic aspects of the problem...

system written for FreeBSD

FreeBSD

FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...

, introduced in version 6.0. It utilises the GEOM

GEOM

GEOM is the main storage framework for the FreeBSD operating system. It is available in FreeBSD 5.0 and higher and provides a standardized way to access storage layers. GEOM is modular and allows for geom modules to connect to the framework. For example, the geom_mirror module will provide RAID1 or...

disk framework. It was designed and implemented by Pawel Jakub Dawidek.

Design details

geli was initially written to protect data on a user's computer in situations of physical theft of hardware, disallowing the thief access to the protected data. This has changed over time with the introduction of optional data authentication/integrity verification.

geli allows the key to consist of several information components (a user entered passphrase, random bits from a file, etc.), permits multiple keys (a user key and a company key, for example) and can attach a provider with a random, one-time key. The user passphrase is strengthened with PKCS#5.

Differences from GBDE

The geli utility is different to gbde

GBDE

GBDE, standing for GEOM Based Disk Encryption, is a block device-layer disk encryption system written for FreeBSD, initially introduced in version 5.0. It is based on the GEOM disk framework. GBDE was designed and implemented by Poul-Henning Kamp and Network Associates Inc...

in that it offers different features and uses a different scheme for doing cryptographic work. geli supports the crypto framework within FreeBSD, allowing hardware cryptographic acceleration if available, as well as supporting more cryptographic algorithms (currently AES

AES

AES may refer to:Standards, systems, and methods* Application Environment Services, a component of Digital Research's GEM windowing system* The Advanced Encryption Standard...

, Triple DES

Triple DES

In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....

, Blowfish

Blowfish (cipher)

Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date...

and Camellia

Camellia (cipher)

In cryptography, Camellia is a 128-bit block cipher jointly developed by Mitsubishi and NTT. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project...

) and data authentication/integrity verification via MD5

MD5

The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...

, SHA1, RIPEMD160, SHA256, SHA384 or SHA512 as Hash Message Authentication Code

HMAC

In cryptography, HMAC is a specific construction for calculating a message authentication code involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message...

Design details

Differences from GBDE

See also