* first 24B in /adm/keys
From: arisawa @ 2016-11-12 11:36 UTC (permalink / raw)
To: 9front
hello cinap,
I have been in trouble since the last update. Perhaps I did something stupid.
I wanted to initialize /adm/keyfs so that dp9ik can work.
However, I couldn’t find the description for that in the manual.
I looked at /sys/src/cmd/auth/keyfs.c to fix the problem and found:
	term% echo AES KEYS0123456789012345>/adm/keys
	term% >/adm/keys.who
can initialize /adm/keys in dp9ik format.
But I am uneasy because I don’t know whether 0123456789012345 (referred to as iv[16] in a comment in keyfs.c) is OK or not.
What is intended for iv[16] and what is the recommended value for it?
It seems the content of iv[16] is not checked in the current code; however, future code may check it.
Kenji Arisawa
* Re: [9front] first 24B in /adm/keys
From: cinap_lenrek @ 2016-11-12 13:27 UTC (permalink / raw)
To: 9front
keyfs writes a new file when you add/change users. when there's
no previous des format keydb, then it will always create a new
file in aes format as long as it has the aes key which it gets
from nvram or calculates itself from the password (-p flag) on
startup.
so, unless you use -p flag, make sure you have the aes key
stored in your nvram. you can do that with auth/wrkey.
whenever you change users in keyfs, it will reencrypt everything
and write a new file. it will also generate a new random iv
each time so the value you put there doesn't matter.
--
cinap
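A header check for the layout discussed above (8 bytes of "AES KEYS" followed by a 16-byte IV), as an added example that is not part of the thread and not 9front code. It is portable C rather than Plan 9 C; the function and enum names are hypothetical, and the sample buffers are constructed. Because keyfs writes a fresh random IV on every rewrite, a file that still carries the hand-typed IV has not been rewritten by keyfs.

```c
#include <stdio.h>
#include <string.h>

enum { MAGICLEN = 8, IVLEN = 16, HDRLEN = MAGICLEN + IVLEN };	/* the "first 24B" */
enum { KF_SHORT, KF_NOTAES, KF_AES_PLACEHOLDER, KF_AES };	/* hypothetical names */

/* Constructed samples: the header typed in the thread, and one with a made-up IV. */
const unsigned char sample_hand[] = "AES KEYS0123456789012345\n";
const unsigned char sample_other[] = "AES KEYSabcdefghijklmnop";

/* Classify the start of a key file from its first len bytes. */
int classify_header(const unsigned char *buf, size_t len)
{
	if(len < HDRLEN)
		return KF_SHORT;
	if(memcmp(buf, "AES KEYS", MAGICLEN) != 0)
		return KF_NOTAES;
	/* The IV from the thread's echo command; if it is still present,
	 * keyfs has not rewritten the file with a random IV yet. */
	if(memcmp(buf + MAGICLEN, "0123456789012345", IVLEN) == 0)
		return KF_AES_PLACEHOLDER;
	return KF_AES;
}

/* Nonzero when both buffers carry the AES header and their IVs differ. */
int iv_changed(const unsigned char *a, size_t alen, const unsigned char *b, size_t blen)
{
	if(classify_header(a, alen) < KF_AES_PLACEHOLDER
	|| classify_header(b, blen) < KF_AES_PLACEHOLDER)
		return 0;
	return memcmp(a + MAGICLEN, b + MAGICLEN, IVLEN) != 0;
}

int main(int argc, char **argv)
{
	static const char *names[] = { "too short", "no AES header",
		"AES header, placeholder IV", "AES header" };
	unsigned char buf[HDRLEN];
	size_t n;
	FILE *f;

	if(argc != 2 || (f = fopen(argv[1], "rb")) == NULL){
		fprintf(stderr, "usage: %s keyfile\n", argv[0]);
		return 1;
	}
	n = fread(buf, 1, sizeof buf, f);
	fclose(f);
	printf("%s: %s\n", argv[1], names[classify_header(buf, n)]);
	return 0;
}
```

Comparing the headers of two copies of /adm/keys taken before and after a user change with `iv_changed` shows whether keyfs rewrote the file in between.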
* Re: [9front] first 24B in /adm/keys
From: arisawa @ 2016-11-13 3:05 UTC (permalink / raw)
To: 9front
thanks, cinap.
ok, I confirmed that when we want to initialize the key database
it is enough to remove /adm/keys and /adm/keys.who.
thanks again.
> On 2016/11/12 22:27, cinap_lenrek@felloff.net wrote:
>
> keyfs writes a new file when you add/change users. when there's
> no previous des format keydb, then it will always create a new
> file in aes format as long as it has the aes key which it gets
> from nvram or calculates itself from the password (-p flag) on
> startup.
>
> so, unless you use -p flag, make sure you have the aes key
> stored in your nvram. you can do that with auth/wrkey.
>
> whenever you change users in keyfs, it will reencrypt everything
> and write a new file. it will also generate a new random iv
> each time so the value you put there doesn't matter.
>
> --
> cinap