Encrypting hard disks
GELI
Create a key with:
dd if=/dev/random of=/root/storage.key bs=256 count=1
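Create an encrypted disk (-e selects the encryption algorithm, -l the key length in bits, -s the sector size):
geli init -e aes -l 256 -s 4096 -K /root/storage.key /dev/ad3
Enter new passphrase:
Reenter new passphrase:
or, reading the key from several files concatenated on standard input:
cat keyfile1 keyfile2 keyfile3 | geli init -e aes -l 256 -s 4096 -K - /dev/ad3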
To attach the provider:
geli attach -k /root/storage.key /dev/ad3
Enter passphrase:
Fill the attached provider with random data, then create a filesystem and mount it:
dd if=/dev/random of=/dev/ad3.eli bs=1m
newfs /dev/ad3.eli
mount /dev/ad3.eli /usr/home/storage
Unmount the drive and detach it:
umount /usr/home/storage
geli detach ad3.eli
To mount it at boot, edit /etc/rc.conf:
# GELI config
geli_devices="ad3"
geli_ad3_flags="-k /root/storage.key"
Edit /etc/fstab:
/dev/ad3.eli /home/storage ufs rw 1 2
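
dd creates the key file with whatever permissions the current umask allows, and the rc.conf and fstab entries above only work together if they name the same device. The following check is an added example, not part of the original page: the function names are hypothetical, and it assumes device names without slashes and a key file passed with -k as in the setup above.

```shell
#!/bin/sh
# Added example: audit an rc.conf/fstab pair for the GELI setup above.
# Usage (after sourcing this file): geli_audit /etc/rc.conf /etc/fstab

# Print the value of rc.conf variable $2 from file $1, quotes stripped.
rc_value() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print the key file that follows -k in a flags string (nothing if absent).
flags_keyfile() {
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = "-k" ]; then echo "$2"; return 0; fi
        shift
    done
    return 0
}

# True if $1 is a non-empty regular file with no group/other permission bits.
key_private() {
    [ -s "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
    esac
    return 1
}

# Check every device in geli_devices; print findings, return 1 if any.
geli_audit() {
    rc=$1 fstab=$2 bad=0
    for dev in $(rc_value "$rc" geli_devices); do
        key=$(flags_keyfile "$(rc_value "$rc" "geli_${dev}_flags")")
        if [ -z "$key" ]; then
            echo "$dev: geli_${dev}_flags names no -k key file"; bad=1
        elif ! key_private "$key"; then
            echo "$dev: $key is missing, empty, or accessible to group/other"; bad=1
        fi
        if ! grep -q "^/dev/$dev\.eli[[:space:]]" "$fstab"; then
            echo "$dev: fstab has no entry for /dev/$dev.eli"; bad=1
        fi
    done
    return $bad
}
```

If the key file is reported as accessible to group or other, chmod 600 /root/storage.key fixes it.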