Lars Sommer, [email protected], 2008-01-10
Written as a personal note.
This is useful when you need an encrypted file system, without modifying the partition table.

Directly based on:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-virtual.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html

---
Names and paths used

I'm making my stuff in a separate folder in my homedir, just for testing purposes. You should think of better places to keep some of these.

cryptfile is the big file containing the file system.
md0.key is the master encryption key. This is as important as your passphrase, and should be stored securely.
mntpoint is the mount point for the encrypted file system.

---
First time setup

Make a 100MB file container:
dd if=/dev/random of=cryptfile bs=1k count=100k
mdconfig -a -t vnode -f cryptfile -u 0
bsdlabel -w md0 auto
dd if=/dev/random of=md0.key bs=64 count=1
geli init -s 4096 -K md0.key /dev/md0
geli attach -k md0.key /dev/md0
dd if=/dev/random of=/dev/md0.eli bs=1m
newfs /dev/md0.eli
mount /dev/md0.eli mntpoint
umount mntpoint
geli detach md0.eli
mdconfig -d -u 0

---
Daily use, mounting:

mdconfig -a -t vnode -f cryptfile -u 0
geli attach -k md0.key /dev/md0
mount /dev/md0.eli mntpoint

---
Daily use, unmounting:

umount mntpoint
geli detach md0.eli
mdconfig -d -u 0
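
Added example, not part of the original note: a /bin/sh wrapper around the daily mount and unmount steps that checks the key file (64 bytes, no group/other access) before use and undoes earlier steps when a later one fails, so no md or .eli device is left attached. The function names, the UNIT variable and the DRYRUN switch are assumptions of this example; the file names follow the note.

```shell
#!/bin/sh
# Added example: mount/unmount wrapper for the container described in this note.
# CRYPTFILE, KEYFILE and MNTPOINT mirror the note's names; UNIT, DRYRUN and the
# function names are assumptions of this example.
CRYPTFILE=${CRYPTFILE:-cryptfile}
KEYFILE=${KEYFILE:-md0.key}
MNTPOINT=${MNTPOINT:-mntpoint}
UNIT=${UNIT:-0}

# run CMD...: execute the command, or only print it when DRYRUN is set.
run() {
    if [ -n "${DRYRUN:-}" ]; then echo "$*"; else "$@"; fi
}

# key_ok FILE: succeed only if FILE is a regular 64-byte file with no
# group/other permission bits (the key is as sensitive as the passphrase).
key_ok() {
    [ -f "$1" ] || { echo "key_ok: $1 is not a regular file" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 64 ] || { echo "key_ok: $1 is $size bytes, expected 64" >&2; return 1; }
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "key_ok: $1 is accessible to group/other" >&2; return 1; }
}

# crypt_mount: attach in the note's order; on failure undo the steps already
# done so that no md or .eli device stays attached.
crypt_mount() {
    key_ok "$KEYFILE" || return 1
    run mdconfig -a -t vnode -f "$CRYPTFILE" -u "$UNIT" || return 1
    if ! run geli attach -k "$KEYFILE" "/dev/md$UNIT"; then
        run mdconfig -d -u "$UNIT"; return 1
    fi
    if ! run mount "/dev/md$UNIT.eli" "$MNTPOINT"; then
        run geli detach "md$UNIT.eli"; run mdconfig -d -u "$UNIT"; return 1
    fi
}

# crypt_umount: reverse order; stop at the first failure (e.g. a busy mount).
crypt_umount() {
    run umount "$MNTPOINT" || return 1
    run geli detach "md$UNIT.eli" || return 1
    run mdconfig -d -u "$UNIT"
}

case "${1:-}" in
    mount)  crypt_mount ;;
    umount) crypt_umount ;;
esac
```

Run it as root with "mount" or "umount" as the only argument; set DRYRUN=1 to print the commands without executing them.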