Re: disk encryption for remote server

2024-05-26 Thread Stefan Kreutz
Can you access the machine's serial console, maybe redirected over IP?

On Sun, May 26, 2024 at 08:33:59PM GMT, 04-psyche.tot...@icloud.com wrote:
> Hi everyone,
> 
> Is there any way to use disk encryption without having physical access to the 
> device?
> 
> A few potential ideas:
> - is there a way to enter the encryption passphrase via ssh?
> - is there a way to create a non-encrypted partition on the same hard drive,
> where the keydisk would be stored, and automatically used? (For various
> reasons, an external USB key is not feasible). And yes, I realize this would
> weaken the security significantly, but I'd still like to know if it's 
> feasible?
> 
> My guess is that it's not possible, but I wanted to ask to make sure.
> 
> Cheers,
> Jake



Re: how to external encrypted drive that supports OpenBSD and FreeBSD?

2024-03-01 Thread Stefan Kreutz
Depending on your needs, you could use a FUSE-based solution like encfs.
There are numerous alternatives such as gocryptfs or ecryptfs, but AFAIK
they don't work with OpenBSD's FUSE implementation.

Rclone supports encrypted remotes. Without FUSE you'd need to copy files
manually, though.

You could also have a look at VeraCrypt.

On Fri, Mar 01, 2024 at 04:50:01PM -, beecdadd...@danwin1210.de wrote:
> hi list
> do you have any recommendation? internet can't find my answer
> 
> drive is external USB and it has to be encrypted..
> something that can also support FreeBSD is what I need
> fast solution is FAT32, but how do I encrypt it? FreeBSD doesn't have
> softraid or bioctl
> 



Re: bioctl: one key for multiple disks

2024-01-07 Thread Stefan Kreutz
You can indeed create multiple 1M RAID disklabel partitions per device
(typically a USB stick), one partition per key. I've been using this
setup for years.

To save yourself some frustration, I suggest you back up the keydisks as
described in the FAQ: https://www.openbsd.org/faq/faq14.html#softraidFDE

On Sun, Jan 07, 2024 at 11:15:25AM +0300, 4 wrote:
> how to use one key for multiple disks? i naively believed that since bioctl 
> does not have any keys for this, then a key on the specified key's partition 
> will be used, and if it is not there, a new one will be created, and deleting 
> the key is the responsibility of the user, but in practice there is 
> nothing like this, the key is simply overwritten with a new one. i understand 
> that logic and reason are not about obsd, but maybe there is some kind of 
> hack to solve this problem?
> "- just create a new key's partition for each disk"
> "- oh, yeah! a brilliant solution. and very scalable!"
> but i'm not sure that even this can be done. i'm tired of restoring the 
> router's state after unsuccessful experiments, i would like to use someone 
> else's experience. 
> i don’t know how the crypto partition works, i don’t know how to see what’s 
> on it, but maybe it’s possible to place several keys on one partition if i 
> can’t use one key for several disks? i don’t know.. there are dozens of 
> theoretical ways for how to solve the problem of storing keys
> 



Re: OpenBSD alternative setup to ZFS on Linux or FreeBSD

2023-11-22 Thread Stefan Kreutz
On Wed, Nov 22, 2023 at 09:49:53AM +0100, Maja Reberc wrote:
> Does anyone recommend FAT32-formatted 1 TB external HDDs for
> OS-portable backups (using archive splitting to bypass the 4 GB limit)?
> I've heard FAT32 is very inefficient with big partitions. I currently
> have a mess of ext4 for Linux, ZFS (yes ...) for FreeBSD, and nothing
> yet for OpenBSD (sadly, my favourite OS does not support redshift on my
> Nvidia card, and that is a requirement for my eyes).

I use a 2TB FAT32-formatted USB HDD for portable backups. The archives
are split, scrypt-encrypted, gzipped GNU tarballs so I can read them on
virtually any machine. I use GNU tar because of extra long filenames I
don't control, otherwise I would prefer the POSIX ustar format.

It works just fine for my purposes.