Provide warning when changing key or passphrase and open download-key dialog
Description
Problem/Justification
None
Impact
None
Activity

Timothy Moore II August 27, 2019 at 1:58 PM
Docs commits https://github.com/freenas/freenas-docs/commit/b09468579a3d9cadf09c219b46e33509bd198ed4 and https://github.com/freenas/freenas-docs/commit/25bc22bfd4f2d96a2be5fe2edae0e24319969c54 appear to resolve docs needs for this ticket.

Dennis Mullen July 9, 2019 at 1:58 PM

Craig King July 3, 2019 at 8:02 AM
Attached. To be clear, I noticed this while testing recovery scenarios in a virtualised FreeNAS instance prior to committing data to an encrypted pool. Also, the geli dumps were against /dev/ada1p2 for obvious reasons. I can't correct this in the description.

Dru Lavigne July 2, 2019 at 5:15 PM
Please attach a debug (System -> Advanced -> Save debug) to this ticket.
Complete
Created July 2, 2019 at 3:39 PM
Updated July 1, 2022 at 4:35 PM
Resolved October 30, 2019 at 5:16 PM
Creating a NEW passphrase for an encrypted pool erases any previously-created recovery key. Changing an EXISTING passphrase does not.
Steps to reproduce:
1. Create a new encrypted pool.
Only 1 key slot is used (as expected):
$ geli dump /dev/ada1p1
keys: 0x01
2. Add a recovery key to the pool.
Now 2 slots are used (as expected):
$ geli dump /dev/ada1p1
keys: 0x03
Locking and unlocking the pool using the recovery key works fine.
3. Create a passphrase for the pool.
Slot 1 is erased.
$ geli dump /dev/ada1p1
keys: 0x01
Attempting to unlock the pool using the recovery key created in step (2) fails.
Expected results:
The recovery key, once set, should never be erased OR the user should be warned that this will be the case.
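
The key-slot check from the steps above, as an added example that is not part of the ticket or of FreeNAS: it reads the `keys:` bitmask from `geli dump` output captured before and after a key or passphrase change and reports any slot that was populated before and is empty after. The dump text is constructed and trimmed, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect a GELI key slot that disappears across a key change.

# Read `geli dump` output on stdin, print the "keys:" bitmask (e.g. 0x03).
geli_keys_mask() {
    awk '$1 == "keys:" { print $2; found = 1; exit } END { if (!found) exit 1 }'
}

# Print the slot numbers set in a bitmask (GELI providers have slots 0 and 1).
mask_slots() {
    mask=$(( $1 )); out=""
    for slot in 0 1; do
        if [ $(( (mask >> slot) & 1 )) -eq 1 ]; then out="$out$slot "; fi
    done
    printf '%s\n' "${out% }"
}

# $1 = mask before, $2 = mask after. Print slots populated before but empty
# after, and return 1 if there are any.
lost_slots() {
    before=$(( $1 )); after=$(( $2 ))
    lost=$(( before & ~after ))
    [ "$lost" -eq 0 ] && return 0
    mask_slots "$lost"
    return 1
}

# $1 = dump text before the change, $2 = dump text after it.
check_change() {
    b=$(printf '%s\n' "$1" | geli_keys_mask) || { echo "no keys: line (before)"; return 2; }
    a=$(printf '%s\n' "$2" | geli_keys_mask) || { echo "no keys: line (after)"; return 2; }
    if gone=$(lost_slots "$b" "$a"); then
        echo "OK: slot(s) $(mask_slots "$b") still populated"
    else
        echo "WARNING: key slot(s) $gone erased; a key stored there no longer unlocks the provider"
        return 1
    fi
}

# Constructed, trimmed sample dumps mirroring steps 2 and 3 of the report.
BEFORE_DUMP='Metadata on /dev/ada1p1:
     magic: GEOM::ELI
      keys: 0x03'
AFTER_DUMP='Metadata on /dev/ada1p1:
     magic: GEOM::ELI
      keys: 0x01'

check_change "$BEFORE_DUMP" "$AFTER_DUMP" || true
```

On a live system the two arguments would be the saved output of `geli dump` on the same provider, taken immediately before and after the passphrase or key operation.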