On Friday, October 13, 2017 9:42:01 PM EDT Olle wrote:
> Hi,
>
> At this point I would be happy to encrypt even just a single file. The
> options seem dead after installation. Any ideas?

I'm assuming you meant to answer the list, so I'm sending my answer to the list.

To create an encrypted partition, you need some free space. If all of your disk is allocated to filesystems or swap, you need to either shrink some filesystem or add a disk. If /home is on a separate partition and you want to encrypt it, copy everything in it (which shouldn't be much if you just installed) to somewhere else and remove the partition from /etc/fstab. If you are using LVM and have some free space in a volume group, you can make a new logical volume.

Once you have an empty partition in a slice or an empty logical volume, you can make an encrypted partition with cryptsetup. Use the luksFormat command. Having done that, create a file /etc/crypttab. Mine looks like this:

crypt /dev/serno/WD-<snip>.s1d none tries=3,timeout=200

This file is used by the cryptdisks service. Run "/etc/rc.d/cryptdisks start". cryptsetup will ask you for the password of the encrypted partition. Enter it, and you'll get the plaintext of the partition (which will be gibberish, since you're decrypting zeros) in /dev/mapper/. Make a filesystem on the device in /dev/mapper/. Add a line in /etc/fstab similar to this:

/dev/mapper/crypt /crypt hammer rw,noauto 1 1

You can now mount your new filesystem on your encrypted partition.

At the time I created the encrypted partition, there was a bug that caused a kernel panic if I tried to load the dm module when booting. I therefore created the following script /usr/local/bin/mountcrypt:

#!/bin/sh
kldload dm
/etc/rc.d/cryptdisks start
mount /crypt
mount /usr/obj

If your computer is remote, and you can't enter the cryptdisk password when booting, you'll need a script like this. You will need to run this as root, and if you encrypt /home, you have to ssh in as root, because you can't log in as yourself when your home directory is unavailable.

Pierre
-- 
The Black Garden on the Mountain is not on the Black Mountain.
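
A consistency check for the two files the message above edits, as an added example that is not part of the original message. It assumes the four-field crypttab layout of the sample line (name, device, key file, options); the function name check_crypt_config and the rule that a passphrase volume should carry noauto, as the message's fstab line does, are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# Cross-checks a crypttab file against an fstab file:
#   MISSING  fstab mounts /dev/mapper/<name> but crypttab has no <name>
#   NOAUTO   key file is "none" (passphrase prompt) but fstab lacks noauto
#   UNUSED   crypttab defines <name> but fstab never mounts it
# Assumed crypttab layout (as in the message): name device keyfile options

# Prints one finding per line; prints nothing when the files agree.
check_crypt_config() {
    crypttab=$1
    fstab=$2
    awk '
        # Skip comments and blank lines in both files.
        /^[ \t]*(#|$)/ { next }
        # crypttab: remember each mapping name and its key file field.
        FILENAME == ARGV[1] { key[$1] = $3; seen[$1] = 1; next }
        # fstab: look only at devices under /dev/mapper/.
        $1 ~ /^\/dev\/mapper\// {
            name = $1
            sub(/^\/dev\/mapper\//, "", name)
            used[name] = 1
            if (!(name in seen)) {
                print "MISSING " name ": in fstab but not in crypttab"
                next
            }
            # Assumption: a volume unlocked by typing a passphrase is
            # mounted by hand or by a script, so it should be noauto.
            if (key[name] == "none" && ("," $4 ",") !~ /,noauto,/)
                print "NOAUTO " name ": passphrase volume lacks noauto"
        }
        END {
            for (n in seen)
                if (!(n in used))
                    print "UNUSED " n ": in crypttab but not in fstab"
        }
    ' "$crypttab" "$fstab"
}

# Run against real files when called as: script /etc/crypttab /etc/fstab
if [ "$#" -eq 2 ]; then
    check_crypt_config "$1" "$2"
fi
```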
