Re: Encrypted volume - how?

2006-01-22 Thread Giorgos Keramidas
On 2006-01-23 09:39, Norberto Meijome <[EMAIL PROTECTED]> wrote:
> Hi all,
> I'm looking for a way to recreate the functionality of PGP Disk (under
> Win32). Basically, create an encrypted file, which contains a
> filesystem which can then be mounted in any mount point.
>
> I know I can use GELI in FreeBSD 6 - as I understand, it performs the
> encryption at the partition level (the whole partition is encrypted).
> I'd like to be able to simply unmount my 'secure volume', and be able
> to back it up as a whole, or move it to another computer without
> having to repartition the destination. I think GELI wouldn't be good
> for this.

If the destination computer runs FreeBSD too, you shouldn't need to
repartition at all.

> I think I've read somewhere that you could use openssl to generate an
> encrypted volume and then mount it. I searched for a while and can't
> find any reference to this. Does anyone know how to do this with
> openssl, OR any other tool ?

A simple way to do this is to create a file, mount it, then encrypt it
with openssl after it's unmounted and remove the unencrypted file.

# truncate -s 30m /tmp/file
# mdconfig -a -t vnode -f /tmp/file -u 10
# newfs_msdos /dev/md10
# mount -t msdosfs /dev/md10 /mnt

...

# umount /dev/md10
# mdconfig -d -u 10
# openssl enc -bf < /tmp/file > /tmp/file.encrypted
enter bf-cbc encryption password:
Verifying - enter bf-cbc encryption password:
# rm -f /tmp/file

This has the advantage that, if you use a file as a `block device' that
holds a single FAT filesystem, without any partitions at all, you can
then use it in other operating systems too, i.e. in Solaris you could
use openssl to decrypt the encrypted file, use lofiadm(1M) to create a
/dev/lofi/XXX device and mount it as a FAT filesystem too.

This is not as safe as using GELI or GBDE though.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Encrypted volume - how?

2006-01-22 Thread Norberto Meijome

Brooks Davis wrote:
> On Mon, Jan 23, 2006 at 09:39:52AM +1100, Norberto Meijome wrote:
> > Hi all,
> > I'm looking for a way to recreate the functionality of PGP Disk (under
> > Win32). Basically, create an encrypted file, which contains a filesystem
> > which can then be mounted in any mount point.
> >
> > I know I can use GELI in FreeBSD 6 - as I understand, it performs the
> > encryption at the partition level (the whole partition is encrypted).
> > I'd like to be able to simply unmount my 'secure volume', and be able to
> > back it up as a whole, or move it to another computer without having to
> > repartition the destination. I think GELI wouldn't be good for this.
>
> GELI or GBDE are probably what you're looking for, you just need to use
> mdconfig to create a vnode (file) backed disk image which you will
> encrypt and then create a file system on.



Thanks Brooks and everyone else who kindly pointed me in the right 
direction :) I think I will use GELI (I like the 2 key system, and it
seems to be newer technology.)


cheers,
Beto


Re: Encrypted volume - how?

2006-01-22 Thread Kees Plonß
Norberto Meijome wrote on Sunday 22 January 2006 23:39:

> Hi all,
> I'm looking for a way to recreate the functionality of PGP Disk (under
> Win32). Basically, create an encrypted file, which contains a filesystem
> which can then be mounted in any mount point.
> 
Why don't you use gbde? It is in your distro at /sbin/gbde
Make a file with dd and format it with gbde and newfs:

dd if=/dev/random of=file bs=1k count=1000
#attach the file as md0 first; gbde init needs the device to exist
mdconfig -a -t vnode -f file -u 0
gbde init /dev/md0
gbde attach /dev/md0
newfs /dev/md0.bde
mount /dev/md0.bde /mnt

#and you are ready to use the filesystem at /mnt
#watch out for the sequence of umounting:

umount /dev/md0.bde
gbde detach /dev/md0

#for mounting you do:

gbde attach /dev/md0
mount /dev/md0.bde /mnt

-- 
Key-ID = 0xA6581435
E-mail address is valid but ipv6 only



Re: Encrypted volume - how?

2006-01-22 Thread Arne Woerner
--- Norberto Meijome <[EMAIL PROTECTED]> wrote:
> openssl, OR any other tool ?
> 
I have heard of gbde(8), which might be a few years older than
geli(8)...

-Arne




Re: Encrypted volume - how?

2006-01-22 Thread Brooks Davis
On Mon, Jan 23, 2006 at 09:39:52AM +1100, Norberto Meijome wrote:
> Hi all,
> I'm looking for a way to recreate the functionality of PGP Disk (under 
> Win32). Basically, create an encrypted file, which contains a filesystem 
> which can then be mounted in any mount point.
> 
> I know I can use GELI in FreeBSD 6 - as I understand, it performs the 
> encryption at the partition level (the whole partition is encrypted). 
> I'd like to be able to simply unmount my 'secure volume', and be able to 
> back it up as a whole, or move it to another computer without having to 
> repartition the destination. I think GELI wouldn't be good for this.

GELI or GBDE are probably what you're looking for, you just need to use
mdconfig to create a vnode (file) backed disk image which you will
encrypt and then create a file system on.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
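
The procedure described above (a vnode-backed md(4) device with GELI on top, then a filesystem), written out as an added example; it is not code from any poster in this thread. GELI keeps its metadata in the last sector of the provider, so the image file can be backed up or copied as a whole once it is closed. The file path, unit number, mount point and the DRY_RUN switch are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. IMG, UNIT, MNT and the DRY_RUN
# switch are assumed names; DRY_RUN=1 prints each command instead of running it.
IMG=${IMG:-/tmp/secure.img}   # backing file: the thing you back up or copy
UNIT=${UNIT:-10}              # md(4) unit number, giving /dev/md10
MNT=${MNT:-/mnt}              # where the decrypted filesystem is mounted

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

vol_create() {                # one-time setup; $1 = size, e.g. 30m
    # Never initialise over an existing file: that would destroy its contents.
    [ ! -e "$IMG" ] || { echo "$IMG exists, refusing" >&2; return 1; }
    run truncate -s "$1" "$IMG" &&
    run mdconfig -a -t vnode -f "$IMG" -u "$UNIT" &&
    run geli init -s 4096 "/dev/md$UNIT" &&   # asks for the new passphrase
    run geli attach "/dev/md$UNIT" &&         # creates /dev/md$UNIT.eli
    run newfs "/dev/md$UNIT.eli" &&
    run mount "/dev/md$UNIT.eli" "$MNT"
}

vol_open() {                  # later sessions, or another FreeBSD machine
    run mdconfig -a -t vnode -f "$IMG" -u "$UNIT" &&
    run geli attach "/dev/md$UNIT" &&         # asks for the passphrase
    run mount "/dev/md$UNIT.eli" "$MNT"
}

vol_close() {                 # reverse order: filesystem, GELI, md device
    run umount "$MNT" &&
    run geli detach "md$UNIT.eli" &&
    run mdconfig -d -u "$UNIT"
}

case "${1:-}" in
    create) vol_create "${2:-30m}" ;;
    open)   vol_open ;;
    close)  vol_close ;;
esac
```

Saved under an assumed name such as vol.sh, it is run as root with `sh vol.sh create 30m`, then `sh vol.sh close` and `sh vol.sh open` for later sessions.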




Re: Encrypted volume - how?

2006-01-22 Thread Ivan Voras

Norberto Meijome wrote:
> Hi all,
> I'm looking for a way to recreate the functionality of PGP Disk (under
> Win32). Basically, create an encrypted file, which contains a filesystem
> which can then be mounted in any mount point.


Is this: http://www.freebsd.org/cgi/man.cgi?query=mdconfig what you are 
looking for?


(see "-t vnode" option; you can apply any GEOM class, including GELI, on 
such devices)




Encrypted volume - how?

2006-01-22 Thread Norberto Meijome

Hi all,
I'm looking for a way to recreate the functionality of PGP Disk (under 
Win32). Basically, create an encrypted file, which contains a filesystem 
which can then be mounted in any mount point.


I know I can use GELI in FreeBSD 6 - as I understand, it performs the 
encryption at the partition level (the whole partition is encrypted). 
I'd like to be able to simply unmount my 'secure volume', and be able to 
back it up as a whole, or move it to another computer without having to 
repartition the destination. I think GELI wouldn't be good for this.


I think I've read somewhere that you could use openssl to generate an 
encrypted volume and then mount it. I searched for a while and can't 
find any reference to this. Does anyone know how to do this with 
openssl, OR any other tool ?


thanks in advance,
Beto
