[Feature request] More encryption/geli support in GUI, please

Post by Earendil » 16 Feb 2019 23:53

All ten of my HDDs are encrypted with geli for my two RAIDZ1 pools. Every time I replace a HDD I need to go to PuTTY to do all that I need to do. What I need for each HDD from "geli init":
  • -b switch enables the boot flag for geli. This means I can apply my passphrase all at once during XigmaNAS boot up. I just need to be KVM'd into the XigmaNAS box itself.
  • -s 4096 switch enables the ada#.eli (the HDD the system sees and is encrypted [Providers], not the lower, basic HDD level which is not encrypted and is accessible by anyone on any HDD [Consumers]) to have a sector size of 4096. Otherwise it defaults to 512 bytes which is said to be less efficient.
  • -l 256 switch sets the default encryption (AES-XTS) to a key size of 256 bytes instead of the default of 128 bytes. More is always better.
  • -J - switch enables a passphrase to be entered as standard input. In other words as soon as the "geli init" command is entered at a command line interface (CLI, like in PuTTY), it waits for a passphrase to be entered as well.
The "geli list" result looks like:

Code:

Geom name: ada3.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT
KeysAllocated: 466
KeysTotal: 466
Providers:
1. Name: ada3.eli
   Mediasize: 2000398929920 (1.8T)
   Sectorsize: 4096
   Mode: r0w0e0
Consumers:
1. Name: ada3
   Mediasize: 2000398934016 (1.8T)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1

Well, my feature requests are:
  1. In the Encryption page, I wish the type of encryption column had more detail. For example AES is all that is listed but it could be AES-XTS or AES-CBC.
  2. Add a flag during the encryption creation process (started on the Encryption webpage by hitting the big "+" sign and there being an unattached HDD in your system that's available) to enable setting the boot flag on the encrypted HDD. I DO realize this switch can be set at any time with the "geli configure" command at the CLI, even at the Execute Command webpage.
  3. Add the option to set the sector size of the ada#.eli (the encrypted HDD) also during the encryption creation process. This switch CANNOT be set by the "geli configure" command; it appears it's done only when the encrypted HDD is created and initialized by "geli init".
I appreciate that the passphrase set switch and the -e switch to set various types of encryption (AES-XTS, AES-CBC, Blowfish, Camellia, 3DES) are already in the XigmaNAS GUI. Thank you.
Earendil

XigmaNAS server:
-AMD A10-7860K APU
-Gigabyte F2A88XM-D3HP w/16GB RAM
-Green & Red HDDs
--4x 2TB
--6x 4TB
-Syba SI-PEX40064 PCI-e 1x
-External Orico USB 3.0 5 bay HDD external enclosure set at RAID 5
--5x 2TB
-650W power supply
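
An added example, not part of the original post or of XigmaNAS itself: a Python check that parses `geli list` output and reports which encrypted providers differ from the settings requested in the post (AES-XTS, KeyLength 256, provider Sectorsize 4096, BOOT flag). The sample text, the ada4.eli provider, and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the post's `geli list` output; ada4.eli is hypothetical.
SAMPLE = """\
Geom name: ada3.eli
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Flags: BOOT
Providers:
1. Name: ada3.eli
   Sectorsize: 4096
Consumers:
1. Name: ada3
   Sectorsize: 512
Geom name: ada4.eli
EncryptionAlgorithm: AES-CBC
KeyLength: 128
Flags: NONE
Providers:
1. Name: ada4.eli
   Sectorsize: 512
"""

# Settings the post asks for at init time: -e AES-XTS, -l 256, -s 4096 (-b is checked below).
WANTED = {"EncryptionAlgorithm": "AES-XTS", "KeyLength": "256", "Sectorsize": "4096"}

def parse_geli_list(text):
    """Return {geom name: fields}; Sectorsize is read from the Providers part only."""
    geoms, cur, section = {}, None, None
    for line in text.splitlines():
        m = re.match(r"\s*(?:\d+\.\s+)?([A-Za-z ]+):\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1).strip(), m.group(2).strip()
        if key == "Geom name":
            cur, section = geoms.setdefault(val, {}), None
        elif cur is not None and key in ("Providers", "Consumers"):
            section = key
        elif cur is not None and (section is None or (section, key) == ("Providers", "Sectorsize")):
            cur[key] = val
    return geoms

def audit(text):
    """Return {geom name: [findings]}; an empty list means the provider matches WANTED."""
    report = {}
    for name, f in parse_geli_list(text).items():
        bad = [f"{k}={f.get(k)}, want {v}" for k, v in WANTED.items() if f.get(k) != v]
        if "BOOT" not in re.split(r"[,\s]+", f.get("Flags", "")):
            bad.append("BOOT flag not set")
        report[name] = bad
    return report
```

The consumer's 512-byte Sectorsize is deliberately ignored, since only the .eli provider's sector size reflects what was chosen with -s at init time.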
