Lars Sommer, [email protected], 2008-01-10, Written as a personal note.
This is useful when you need an encrypted file system,
without modifying the partition table.
Directly based on:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-virtual.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
Names and paths used
I’m making my stuff in a separate folder in my homedir, just for testing
purposes. You should think of better places to keep some of these.
cryptfile is the big file containing the file system.
md0.key is the master encryption key. This is as important as your passphrase,
and should be stored securely.
mntpoint is the mount point for the encrypted file system.
First time setup
Make a 100MB file container filled with random data and attach it as md0:
dd if=/dev/random of=cryptfile bs=1k count=100k
mdconfig -a -t vnode -f cryptfile -u 0
bsdlabel -w md0 auto
Generate a 64-byte master key, then initialise geli on md0 with 4096-byte sectors
(geli init also asks for a passphrase; both the key file and the passphrase are needed to attach):
dd if=/dev/random of=md0.key bs=64 count=1
geli init -s 4096 -K md0.key /dev/md0
geli attach -k md0.key /dev/md0
Fill the encrypted provider with random data (this takes a while), create the file system,
and check that it mounts and unmounts cleanly:
dd if=/dev/random of=/dev/md0.eli bs=1m
newfs /dev/md0.eli
mount /dev/md0.eli mntpoint
umount mntpoint
geli detach md0.eli
mdconfig -d -u 0
Daily use, mounting:
mdconfig -a -t vnode -f cryptfile -u 0
geli attach -k md0.key /dev/md0
mount /dev/md0.eli mntpoint
Daily use, unmounting:
umount mntpoint
geli detach md0.eli
mdconfig -d -u 0
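The two daily-use sequences above, wrapped in a small script. This is an added example, not code from the original note or the FreeBSD handbook; it assumes the note's names (cryptfile, md0.key, mntpoint, unit 0) and refuses to attach when the key file is readable by group or others, since the key is as sensitive as the passphrase. DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# cryptfs.sh: attach or detach the geli-encrypted, file-backed file system
# from the note above. Added example, not part of the original note; it
# assumes the note's names (cryptfile, md0.key, mntpoint, unit 0) and
# FreeBSD's mdconfig, geli, mount and umount. DRY_RUN=1 prints commands.

CRYPTFILE="${CRYPTFILE:-cryptfile}"
KEYFILE="${KEYFILE:-md0.key}"
MNTPOINT="${MNTPOINT:-mntpoint}"
UNIT="${UNIT:-0}"

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The master key is as sensitive as the passphrase: refuse to use it if
# group or others have any permission bit set (portable ls -l parse).
key_is_private() {
    [ -f "$1" ] || return 1
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

crypt_attach() {
    [ -f "$CRYPTFILE" ] || { echo "no container: $CRYPTFILE" >&2; return 1; }
    key_is_private "$KEYFILE" ||
        { echo "refusing: $KEYFILE missing or readable by group/others" >&2; return 1; }
    run mdconfig -a -t vnode -f "$CRYPTFILE" -u "$UNIT" || return 1
    # geli attach asks for the passphrase unless the key was initialised with -P.
    run geli attach -k "$KEYFILE" "/dev/md$UNIT" ||
        { run mdconfig -d -u "$UNIT"; return 1; }
    run mount "/dev/md$UNIT.eli" "$MNTPOINT" ||
        { run geli detach "md$UNIT.eli"; run mdconfig -d -u "$UNIT"; return 1; }
}

# Tear down in reverse order; keep going so nothing is left half-attached.
crypt_detach() {
    rc=0
    run umount "$MNTPOINT" || rc=1
    run geli detach "md$UNIT.eli" || rc=1
    run mdconfig -d -u "$UNIT" || rc=1
    return $rc
}

case "${1:-}" in
    attach) crypt_attach ;;
    detach) crypt_detach ;;
esac
```

Run it as `sh cryptfs.sh attach` or `sh cryptfs.sh detach`; the mount step still needs root, and geli attach still prompts for the passphrase as in the note.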