Simple disk encryption for off-site backup
gmx at ross.cx
Thu Feb 27 06:13:46 UTC 2014
On Thu, 27 Feb 2014 04:59:04 +0100, Polytropon <freebsd at edvax.de> wrote:
> I'm planning to add a new disk next month to my home setup.
> It should be an external USB disk for off-site (really!)
> backup. That's why I would like to see the content encrypted.
> I have no problem with entering a long passphrase when mounting
> the disk for backup or restore operations, and probably I would
> not feel safe enough by just using keys (stored somewhere).
> The file system will be UFS, so there is no need to worry that
> some other OS or "Windows" would not be able to read it. :-)
> My question is: What is the _easiest_ mechanism to initialize
> a disk for encrypted use? It should work with FreeBSD 9 and 10
> in the first place.
I am using geli for that.
Copied from the man page:
Initialize a provider which is going to be encrypted with a passphrase
and random data from a file on the user's pen drive. Use 4kB sector
size. Attach the provider, create a file system, and mount it. Do
work. Unmount the provider and detach it:
# dd if=/dev/random of=/mnt/pendrive/da2.key bs=64 count=1
# geli init -s 4096 -K /mnt/pendrive/da2.key /dev/da2
Enter new passphrase:
Reenter new passphrase:
# geli attach -k /mnt/pendrive/da2.key /dev/da2
# dd if=/dev/random of=/dev/da2.eli bs=1m
# newfs /dev/da2.eli
# mount /dev/da2.eli /mnt/secret
# umount /mnt/secret
# geli detach da2.eli
More information about the freebsd-questions