Module Name: src
Committed By: jruoho
Date: Thu Apr 15 08:28:41 UTC 2010

Modified Files:
	src/share/man/man4: cgd.4

Log Message:
Small markup changes.

To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/share/man/man4/cgd.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files: Index: src/share/man/man4/cgd.4 diff -u src/share/man/man4/cgd.4:1.14 src/share/man/man4/cgd.4:1.15 --- src/share/man/man4/cgd.4:1.14 Wed Apr 14 13:06:45 2010 +++ src/share/man/man4/cgd.4 Thu Apr 15 08:28:41 2010 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgd.4,v 1.14 2010/04/14 13:06:45 wiz Exp $ +.\" $NetBSD: cgd.4,v 1.15 2010/04/15 08:28:41 jruoho Exp $ .\" .\" Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd April 14, 2010 +.Dd April 15, 2010 .Dt CGD 4 .Os .Sh NAME @@ -51,24 +51,35 @@ .Ed .Pp The count argument defines how many -.Nm Ns 's -may be configured at a time. +.Nm Ns +devices may be configured at a time. .Ss Encryption Algorithms Currently the following cryptographic algorithms are supported: .Bl -tag -width indentxxxxxxx -.It aes-cbc -AES in CBC mode. -AES uses a 128 bit blocksize and can accept keys of -length 128, 192, or 256. +.It Ic aes-cbc +.Tn AES +in +.Tn CBC +mode. +.Tn AES +uses a 128 bit blocksize and can accept keys of length 128, 192, or 256. The default key length is 128. -.It 3des-cbc -Triple DES in CBC mode. -Triple DES uses a 64 bit blocksize and is -performed in EDE3 mode with a 168 bit key. -The key passed to the kernel -is 192 bits but the parity bits are ignored. -.It blowfish-cbc -Blowfish in CBC mode. +.It Ic 3des-cbc +Triple +.Tn DES +in +.Tn CBC +mode. +Triple +.Tn DES +uses a 64 bit blocksize and is performed in +.Tn EDE3 +mode with a 168 bit key. +The key passed to the kernel is 192 bits but the parity bits are ignored. +.It Ic blowfish-cbc +Blowfish in +.Tn CBC +mode. Blowfish uses a 64 bit blocksize and can accept keys between 40 and 448 bits in multiples of 8. It is strongly encouraged that keys be at least 128 bits long. 
@@ -76,24 +87,42 @@ The default key length is 128 bits. .El .Ss IV Methods -Currently, the following IV Methods are supported: +Currently, the following +.Tn IV +Methods are supported: .Bl -tag -width encblkno1 -.It encblkno1 +.It Ic encblkno1 This method encrypts the block number of the physical disk block once with -the cipher and key provided and uses the result as the IV for CBC mode. -This method should ensure that each block has a different IV and that the IV +the cipher and key provided and uses the result as the +.Tn IV +for +.Tn CBC +mode. +This method should ensure that each block has a different +.Tn IV +and that the +.Tn IV is reasonably unpredictable. This is the default method used by .Xr cgdconfig 8 -when configuring new -.Nm Ns 's . -.It encblkno8 -This is the original IV method used by +when configuring a new +.Nm Ns . +.It Ic encblkno8 +This is the original +.Tn IV +method used by .Nm and provided for backward compatibility. It repeatedly encrypts the block number of the physical disk block -eight times and uses the result as the IV for CBC mode. -This method should ensure that each block has a different IV and that the IV +eight times and uses the result as the +.Tn IV +for +.Tn CBC +mode. +This method should ensure that each block has a different +.Tn IV +and that the +.Tn IV is reasonably unpredictable. The eightfold encryption was not intended and causes a notable performance loss with little (if any) increase in security over a 
@@ -107,24 +136,25 @@ calls defined in .Xr sd 4 , and also defines the following: -.Bl -tag -width CGDIOCSET -.It CGDIOCSET -configure the +.Bl -tag -width CGDIOCSET -offset indent +.It Dv CGDIOCSET +Configure the .Nm . This .Xr ioctl 2 sets up the encryption parameters and points the .Nm at the underlying disk. -.It CGDIOCCLR -unconfigures the +.It Dv CGDIOCCLR +Unconfigure the .Nm . .El .Pp These .Xr ioctl 2 Ns 's and their associated data structures are defined in -.Pa /usr/include/dev/cgdvar.h . +.In dev/cgdvar.h +header. .Sh WARNINGS It goes without saying that if you forget the passphrase that you used to configure a
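Review bot: In the hunk at @@ -51,24 +51,35 @@, the new `.Nm Ns` line ends in `Ns` with nothing after it on the line to join to, so the macro is at best ignored and at worst glues the device name to the following word "devices". Plain `.Nm` followed by the "devices may be configured at a time." line gives the intended text. In the same hunk the aes-cbc entry still gives its key lengths as "128, 192, or 256" and its default as "128" with no unit, while the 3des-cbc and blowfish-cbc entries say bits; adding "bits" there would make the key-length statement unambiguous.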
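Review bot: In the hunk at @@ -76,24 +87,42 @@, the `.Nm Ns .` after "when configuring a new" does not need the `Ns`: a trailing period is already attached to the name without a space, and the CGDIOCSET entry later in this patch writes the same thing as `.Nm .`. Suggest `.Nm .` here for consistency. The reworded lead-in also leaves "Methods" capitalised mid-sentence ("the following IV Methods are supported"); lower-case it unless it is meant as a proper term.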
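Review bot: In the hunk at @@ -107,24 +136,25 @@, replacing the `.Pa` path with `.In dev/cgdvar.h` plus a separate `header.` line makes the sentence read "are defined in <dev/cgdvar.h> header.", which is missing an article. Ending the preceding context line with "defined in the" fixes it. The unchanged `.Xr ioctl 2 Ns 's` just above keeps the apostrophe plural that this commit removes elsewhere for `.Nm`, so it is worth rewording in the same pass.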