gshsec — control utility for shared secret devices
gshsec label [-hv] name prov prov ...
gshsec stop [-fv] name ...
gshsec clear [-v] prov ...
The gshsec utility is used for setting up a device which contains a shared
secret. The secret is shared between the given providers. To collect the
secret, all providers are needed. If one of the components is missing, there
is no way to get any useful data from the rest of them. The first argument to
gshsec indicates an action to be performed:
label
- Set up a shared secret device from the given components with the specified
name. Metadata are stored in the last sector of every component.
stop
- Turn off an existing shared secret device by its name. This command does
not touch on-disk metadata!
clear
- Clear metadata on the given providers.
dump
- Dump metadata stored on the given providers.
list
- See geom(8).
status
- See geom(8).
load
- See geom(8).
unload
- See geom(8).
Additional options:
-f
- Force the removal of the specified shared secret device.
-h
- Hardcode providers' names in metadata.
-v
- Be more verbose.
Exit status is 0 on success, and 1 if the command fails.
The following example shows how to create a shared secret device.
The secret will be split between a slice on a local disk and a USB Pen
drive.
gshsec label -v secret /dev/ada0s1 /dev/da0
newfs /dev/shsec/secret
From now on, when the USB Pen drive is inserted, it will be
automatically detected and connected, making the secret available via the
/dev/shsec/secret device.
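
The all-providers-required property described above can be seen in a small model; this is an added example, not code from gshsec or FreeBSD. It assumes XOR-based n-of-n splitting, a standard construction with that property (the page itself does not describe the internal algorithm), and the 512-byte sector size and all function names are constructed for illustration.

```python
import secrets
from functools import reduce

SECTOR = 512  # constructed sector size for this example


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length buffers."""
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, n: int) -> list[bytes]:
    """Split data into n shares; all n are required to rebuild it."""
    if n < 2:
        raise ValueError("need at least two providers")
    # n-1 shares are pure random; the last is data XOR all of them.
    shares = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    shares.append(reduce(xor, shares, data))
    return shares


def combine(shares: list[bytes]) -> bytes:
    """XOR every share together to recover the original data."""
    return reduce(xor, shares)


def missing_share_for(known: list[bytes], guess: bytes) -> bytes:
    """Return the absent share that would make `known` decode to `guess`.

    Such a share exists for every guess of the right length, which is why
    holding n-1 shares reveals nothing about the real data.
    """
    return reduce(xor, known, guess)


if __name__ == "__main__":
    sector = b"constructed secret sector".ljust(SECTOR, b"\0")
    shares = split(sector, 3)
    print("all shares recover data:", combine(shares) == sector)
    partial = shares[:2]  # one provider is absent
    decoy = b"any other plaintext".ljust(SECTOR, b"\0")
    forged = missing_share_for(partial, decoy)
    print("partial set fits a decoy:", combine(partial + [forged]) == decoy)
```

Because the partial set is consistent with every possible plaintext, losing or withholding one provider protects confidentiality, but it also means there is no redundancy: a failed component makes the data unrecoverable.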
The gshsec utility appeared in FreeBSD 5.4.