*New 12.1 series Release:
2020-07-21: XigmaNAS - released

*New 11.4 series Release:
2020-07-20: XigmaNAS - released!

We really need "Your" help on XigmaNAS https://translations.launchpad.net/xigmanas translations. Please help today!

Producing and hosting XigmaNAS costs money. Please consider donating for our project so that we can continue to offer you the best.
We need your support! eg: PAYPAL

[Feature request] More encryption/geli support in GUI, please

Post/Debate your Suggestions & Requests of XigmaNAS here. This ONLY pertains to XigmaNAS.
Forum rules
Set-Up GuideFAQsForum Rules
Post Reply
User avatar
Posts: 51
Joined: 23 Jun 2012 15:57
Location: near Boston, MA, USA.
Status: Offline

[Feature request] More encryption/geli support in GUI, please


Post by Earendil »

All ten of my HDDs are encrypted with geli for my two RAIDZ1 pools. Every time I replace a HDD I need to go to PuTTY to do all that I need to do. What I need for each HDD from "geli init":
  • -b switch enables the boot flag for geli. This means I can apply my passphrase all at once during XigmaNAS boot up. I just need to be KVM's into the XigmaNAS box itself.
  • -s 4096 switch enables the ada#.eli (the HDD the system sees and is encrypted [Providers], not the lower, basic HDD level which is not encrypted and is accessible by anyone on any HDD [Consumers]) to have a sector size of 4096. Otherwise it defaults to 512 bytes which is said to be less efficient.
  • -l 256 switch sets the default encryption (AES-XTS) to a key size of 256 bytes instead of the default of 128 bytes. More is always better.
  • -J - switch enables a passphrase to be entered as standard input. In other words as soon as the "geli init" command is entered at a command line interface (CLI, like in PuTTY), it waits for a passphrase to be entered as well.
The "geli list" result looks like:

Code: Select all

Geom name: ada3.eli
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Crypto: hardware
Version: 7
UsedKey: 0
Flags: BOOT
KeysAllocated: 466
KeysTotal: 466
1. Name: ada3.eli
   Mediasize: 2000398929920 (1.8T)
   Sectorsize: 4096
   Mode: r0w0e0
1. Name: ada3
   Mediasize: 2000398934016 (1.8T)
   Sectorsize: 512
   Stripesize: 4096
   Stripeoffset: 0
   Mode: r1w1e1
Well, my feature requests are:
  1. In the Encryption page, I wish the type of encryption column had more detail. For example AES is all that is listed but it could be AES-XTS or AES-CBC.
  2. Add a flag during the encryption creation process (started on the Encryption webpage by hitting the big "+" sign and there being an unattached HDD in your system that's available) to enable setting the boot flag with to the encrypted HDD. I DO realize this switch can be set at any time with the "geli configure" command at the CLI, even at the Execute Command webpage.
  3. Add the option to set the sector size of the ada#.eli (the encrypted HDD) also during the encryption creation process. This switch CANNOT be set by the "geli configure" command, appears it's done only when the encrypted HDD is created and initialized by "geli init".
I appreciate that the passphrase set switch and the -e switch to set various types of encryption (AES-XTS, AES-CBC, Blowfish, Camellia, 3DES) are already in the XigmaNAS GUI. Thank you.

XigmaNAS server:
-AMD A10-7860K APU
-Gigabyte F2A88XM-D3HP w/16GB RAM
-pool0 - 4x 2 TB WD green HDDs
-pool1 - 6x 8 TB WD white HDDs
-Ziyituod (used to be Ubit) SA3014 PCI-e 1x SATA card
-External Orico USB 3.0 5 bay HDD external enclosure set at RAID 5
--5x 4 TB WD green HDDs
-650W power supply

Post Reply

Return to “Suggestions & Requests”