On Fri, Dec 12, 2025 at 04:38:36PM -0700, [email protected] wrote: > I have been using vnconfig encrypted filesystems since they were > introduced, and am concerned that maybe I have been doing something > wrong all these years. > > Yes, I am considering using softraid crypto, but I am still curious > about this issue. > > I have been creating the filesystem on 'c' instead of on 'a'. To be > specific, the following is a version of what I have been using: > > #!/bin/sh > # Create a vnconfig encrypted filesystem, > # using ffs, and on vnd1c > doas dd if=/dev/zero of=efsc bs=1m count=1 > doas vnconfig -K 1000 -S salt -v /dev/vnd1c efsc > doas newfs /dev/rvnd1c > # Need this before attempting do mount > doas vnconfig -u vnd1 > > which creates the encrypted filesystem that I have been using for over > a decade, which is mounted with: > > #!/bin/sh > doas vnconfig -S salt -K 1000 /dev/vnd1c efsc > doas mount /dev/vnd1c fsc > > My question is this. Should I instead have created the filesystem with: > > #!/bin/sh > # Create a vnconfig encrypted filesystem, > # using disklabel, and on vnd2a > doas dd if=/dev/zero of=efsa bs=1m count=1 > doas vnconfig -K 1000 -S salt -v /dev/vnd2c efsa > echo 'a a\n\n\n\nw\nq\n' | doas disklabel -E vnd2 > doas newfs /dev/rvnd2a > # Need this before attempting do mount > doas vnconfig -u vnd2 > > which mounts using: > > #!/bin/sh > doas vnconfig -S salt -K 1000 /dev/vnd2c efsa > doas mount /dev/vnd2a fsa > > Both seem to work fine. Which one is correct? > > If one is wrong (which would probably be the one that I have been > using), then what are the problems that occur as a result of using the > wrong one? > > Thanks >
https://www.openbsd.org/faq/faq14.html Summary: if your platform has fdisk, use it. In a lot of cases you won't see the difference, but better be safe than sorry. -Otto
