Mountable encrypted file? What to use?

Geoff Fritz gfritz at
Mon Oct 12 16:38:48 UTC 2009

On Mon, Oct 12, 2009 at 06:33:40AM -0700, Greg Morell wrote:
> I like to keep all of my sensitive stuff in a few encrypted mountable files.
> Something where I can copy the file to a USB key for backup, but not
> worry if I lose the USB key since it's just an encrypted file.  But when
> on a computer, I can mount it as a volume.
> What should I use on FreeBSD?

Combine geli with the md device:

dd if=/dev/zero of=/tmp/secret bs=1 count=0 seek=1G
mdconfig -a -t vnode -f /tmp/secret -u 1984
geli load
geli init /dev/md1984 && geli attach /dev/md1984
newfs /dev/md1984.eli
mkdir /mnt/secret && mount /dev/md1984.eli /mnt/secret

echo "the formula for Coke is..." > /mnt/secret/secret_formula.txt

umount /mnt/secret
geli detach /dev/md1984.eli
mdconfig -d -u 1984
cp /tmp/secret /mnt/usbdrive

(I don't know off-hand the 'cp' options for copying sparse files correctly).

Read the man pages for all of the commands you are unfamiliar with.
geli(8) has a lot of flexible options.

-- Geoff

More information about the freebsd-questions mailing list