clarify that -K needs an argument >= 1000, and add two examples dealing with

encrypted images.

help from and ok pedro@ jmc@

1 files changed, 23 insertions, 1 deletions

diff --git a/usr.sbin/vnconfig/vnconfig.8 b/usr.sbin/vnconfig/vnconfig.8
index 6223fc09973..1f8cecb951a 100644
--- a/usr.sbin/vnconfig/vnconfig.8
+++ b/usr.sbin/vnconfig/vnconfig.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: vnconfig.8,v 1.26 2006/07/01 07:47:49 jmc Exp $
+.\"	$OpenBSD: vnconfig.8,v 1.27 2007/01/14 21:45:01 grunk Exp $
 .\"
 .\" Copyright (c) 1993 University of Utah.
 .\" Copyright (c) 1980, 1989, 1991, 1993
@@ -91,6 +91,9 @@ written to the disk.
 The user is asked for both a passphrase and the name of a salt file.
 These are combined according to PKCS #5 PBKDF2 for the specified number of
 rounds to generate the actual key used.
+.Ar rounds
+is a number between 1000 and
+.Dv INT_MAX .
 DO NOT LOSE THE SALT FILE.
 Encryption only works with
 .Pa svnd .
@@ -123,6 +126,25 @@ and mount the ISO 9660 file system contained in it:
 # mount -t cd9660 /dev/svnd0c /mnt
 .Ed
 .Pp
+Configure an encrypted image file as vnode disk svnd0 and mount the FFS
+file system contained in it.
+The encryption key does not echo and must be entered every time
+the vnode disk is configured.
+.Bd -literal -offset indent
+# vnconfig -k svnd0 /tmp/cryptimg
+Encryption key:
+# mount /dev/svnd0c /mnt
+.Ed
+.Pp
+Same as above, but now configure the vnode using PKCS #5 PBKDF2 and
+a salt file with 1000 rounds:
+.Bd -literal -offset indent
+# vnconfig -K 1000 svnd0 /tmp/cryptimg
+Encryption key:
+Salt file: /tmp/cryptsalt
+# mount /dev/svnd0c /mnt
+.Ed
+.Pp
 Unmount the file system and unconfigure the vnode device:
 .Bd -literal -offset indent
 # umount /mnt