File backed encrypted file system on FreeBSD 6.2

Lars Sommer, lasg@lasg.dk, 2008-01-10, Written as a personal note.

This is useful when you need an encrypted file system,
without modifying the partition table.

Directly based on:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-virtual.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html


Names and paths used

I’m making my stuff in a separate folder in my homedir, just for testing
purposes. You should think of better places to keep some of these.
cryptfile is the big file containing the file system.
md0.key is the master encryption key. This is as important as your passphrase,
and should be stored securely.
mntpoint is the mount point for the encrypted file system.


First time setup

Make a 100MB file container (1k * 100k blocks), filled with random data:

dd if=/dev/random of=cryptfile bs=1k count=100k

Attach the file as memory disk md0 and write a disk label to it:

mdconfig -a -t vnode -f cryptfile -u 0
bsdlabel -w md0 auto

Generate a 64-byte master key and initialise geli on the device with a
4096-byte sector size. geli init also prompts for the passphrase; both the
key file and the passphrase are needed to attach the device later:

dd if=/dev/random of=md0.key bs=64 count=1
geli init -s 4096 -K md0.key /dev/md0

Attach the encrypted device, fill it with random data so that used and unused
blocks cannot be told apart (dd stops with an end-of-device message when the
device is full, which is expected), then create the file system and mount it:

geli attach -k md0.key /dev/md0
dd if=/dev/random of=/dev/md0.eli bs=1m
newfs /dev/md0.eli
mount /dev/md0.eli mntpoint

Unmount, detach the encrypted device and release the memory disk:

umount mntpoint
geli detach md0.eli

mdconfig -d -u 0

Daily use, mounting:

mdconfig -a -t vnode -f cryptfile -u 0
geli attach -k md0.key /dev/md0
mount /dev/md0.eli mntpoint

Daily use, unmounting:

umount mntpoint
geli detach md0.eli
mdconfig -d -u 0
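The daily-use steps above wrapped in a small script that rolls back on failure, so a failed geli attach or mount does not leave md0 configured or the encrypted device open. This is an added example, not part of the original note; it assumes the note's names (cryptfile, md0.key, mntpoint, unit 0) and adds a DRYRUN variable of my own that prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original note. Runs the mount/unmount steps
# in order and undoes earlier steps when a later one fails.
# DRYRUN=1 prints each command instead of executing it; DRYRUN_FAIL=<name>
# makes the command with that name report failure, to exercise the rollback.

run() {
    if [ "${DRYRUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
        [ "$1" != "${DRYRUN_FAIL:-}" ]
    else
        "$@"
    fi
}

# Attach the file as md0, open the geli device, mount it. Any failure
# undoes the steps already taken and returns non-zero.
crypt_mount() {
    run mdconfig -a -t vnode -f cryptfile -u 0 || return 1
    if ! run geli attach -k md0.key /dev/md0; then
        run mdconfig -d -u 0
        return 1
    fi
    if ! run mount /dev/md0.eli mntpoint; then
        run geli detach md0.eli
        run mdconfig -d -u 0
        return 1
    fi
}

# Reverse order of crypt_mount; stop at the first failing step so the
# volume is never left half torn down.
crypt_umount() {
    run umount mntpoint || return 1
    run geli detach md0.eli || return 1
    run mdconfig -d -u 0
}

case "${1:-}" in
    mount)  crypt_mount ;;
    umount) crypt_umount ;;
esac
```

Run as `sh crypt.sh mount` or `sh crypt.sh umount` as root; with `DRYRUN=1` it only prints what it would do.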
