Re: Mountable encrypted file? What to use?
On Mon, 12 Oct 2009 10:18:24 -0600, Geoff Fritz wrote: > mdconfig -a -t vnode -f /tmp/secret -u 1984 Heheh... You plusgood coder. Continue scriptwrite fulwise! :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mountable encrypted file? What to use?
On Mon, Oct 12, 2009 at 06:33:40AM -0700, Greg Morell wrote: > > I like to keep all of my sensitive stuff in a few encrypted mountable files. > Something where I can copy the file to a USB key for backup, but not > worry if I lose the USB key since it's just an encrypted file. But when > on a computer, I can mount it as a volume. > > What should I use on FreeBSD? Combine geli with the md device: dd if=/dev/zero of=/tmp/secret bs=1 count=0 seek=1G mdconfig -a -t vnode -f /tmp/secret -u 1984 geli load geli init /dev/md1984 && geli attach /dev/md1984 newfs /dev/md1984.eli mkdir /mnt/secret && mount /dev/md1984.eli /mnt/secret echo "the formula for Coke is..." > /mnt/secret/secret_formula.txt umount /mnt/secret geli detach /dev/md1984.eli mdconfig -d -u 1984 cp /tmp/secret /mnt/usbdrive (I don't know off-hand the 'cp' options for copying sparse files correctly). Read the man pages for all of the commands you are unfamiliar with. geli(8) has a lot of flexible options. -- Geoff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Mountable encrypted file? What to use?
On Mon, Oct 12, 2009 at 06:33:40AM -0700, Greg Morell wrote: > Since TrueCrypt doesn't work on FreeBSD, I'm wondering what you'd recommend > for this: > > I like to keep all of my sensitive stuff in a few encrypted mountable files. > > Something where I can copy the file to a USB key for backup, but not worry if > I lose the USB key since it's just an encrypted file. But when on a > computer, I can mount it as a volume. > > On OS X, I use encrypted 'dmg' volumes. > > On Linux and Windows, I use TrueCrypt. > > What should I use on FreeBSD? You should use GELI, see geli(8). It can encrypt complete disks, partitions or bsdlabels. If you want the encrypted stuff encased in a file, you should use md(4) to create a vnode-backed memory disk, and encrypt that with GELI. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgp3bHAbuJCRC.pgp Description: PGP signature
Re: Mountable encrypted file? What to use?
Greg Morell ha scritto: Since TrueCrypt doesn't work on FreeBSD, I'm wondering what you'd recommend for this: I like to keep all of my sensitive stuff in a few encrypted mountable files. Something where I can copy the file to a USB key for backup, but not worry if I lose the USB key since it's just an encrypted file. But when on a computer, I can mount it as a volume. What about GELI? I've used it for a long time with no problems. Check the handbook for details. bye av. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"