I have been using vnconfig encrypted filesystems since they were
introduced, and am concerned that maybe I have been doing something
wrong all these years.
Yes, I am considering using softraid crypto, but I am still curious
about this issue.
I have been creating the filesystem on 'c' instead of on 'a'. To be
specific, the following is a version of what I have been using:
#!/bin/sh
# Create a vnconfig encrypted filesystem,
# using ffs, and on vnd1c
doas dd if=/dev/zero of=efsc bs=1m count=1
doas vnconfig -K 1000 -S salt -v /dev/vnd1c efsc
doas newfs /dev/rvnd1c
# Need this before attempting do mount
doas vnconfig -u vnd1
which creates the encrypted filesystem that I have been using for over
a decade, which is mounted with:
#!/bin/sh
doas vnconfig -S salt -K 1000 /dev/vnd1c efsc
doas mount /dev/vnd1c fsc
My question is this. Should I instead have created the filesystem with:
#!/bin/sh
# Create a vnconfig encrypted filesystem,
# using disklabel, and on vnd2a
doas dd if=/dev/zero of=efsa bs=1m count=1
doas vnconfig -K 1000 -S salt -v /dev/vnd2c efsa
echo 'a a\n\n\n\nw\nq\n' | doas disklabel -E vnd2
doas newfs /dev/rvnd2a
# Need this before attempting do mount
doas vnconfig -u vnd2
which mounts using:
#!/bin/sh
doas vnconfig -S salt -K 1000 /dev/vnd2c efsa
doas mount /dev/vnd2a fsa
Both seem to work fine. Which one is correct?
If one is wrong (which would probably be the one that I have been
using), then what are the problems that occur as a result of using the
wrong one?
Thanks
