Encrypting hard disks

Dec 16, 2013
May 27, 2023 09:13 EEST

GELI

Create a key with:

dd if=/dev/random of=/root/storage.key bs=256 count=1

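Create an encrypted disk (on current FreeBSD releases -e selects the encryption algorithm; -a selects a data-integrity algorithm instead):

geli init -e aes -l 256 -s 4096 -K /root/storage.key /dev/ad3
Enter new passphrase:
Reenter new passphrase:

or, reading several key files from standard input (-K -):
cat keyfile1 keyfile2 keyfile3 | geli init -e aes -l 256 -s 4096 -K - /dev/ad3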

To attach the provider:

geli attach -k /root/storage.key /dev/ad3
Enter passphrase:

Fill the attached provider with random data, then create a filesystem and mount it:

dd if=/dev/random of=/dev/ad3.eli bs=1m
newfs /dev/ad3.eli
mount /dev/ad3.eli /usr/home/storage

Unmount the drive and detach it:

umount /usr/home/storage
geli detach ad3.eli

To mount it at bootup, edit /etc/rc.conf:

# GELI config
geli_devices="ad3"
geli_ad3_flags="-k /root/storage.key"

Edit /etc/fstab:

/dev/ad3.eli            /home/storage ufs rw                    1       2
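
Since rc.conf now points geli at a key file on the root filesystem, that file's permissions and size are worth checking. The script below is an added example, not part of the original post: it assumes the flags are double-quoted and pass the key as "-k <path>" as shown above, and the function names, MIN_KEY_BYTES and the demo files are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: audit the key files that rc.conf
# hands to geli via "-k <path>" in geli_<dev>_flags.
MIN_KEY_BYTES=${MIN_KEY_BYTES:-256}  # assumption: size written by the post's dd command

# Print one finding for a key file; return 1 if it is missing, exposed or short.
check_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "EXPOSED $f (group/other: $perms)"; return 1; }
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -ge "$MIN_KEY_BYTES" ] || { echo "SHORT $f ($size bytes)"; return 1; }
    echo "OK $f"
}

# Print every path that follows -k in a geli_*_flags line of the given rc.conf.
rc_conf_keyfiles() {
    # Deliberate word splitting; key paths containing spaces are not handled.
    set -- $(sed -n 's/^geli_[A-Za-z0-9_]*_flags="\(.*\)"$/\1/p' "$1")
    while [ $# -gt 0 ]; do
        if [ "$1" = "-k" ] && [ $# -ge 2 ]; then echo "$2"; shift; fi
        shift
    done
}

# Check all key files referenced by an rc.conf; return 1 if any check fails.
audit_rc_conf() {
    rc=0
    for key in $(rc_conf_keyfiles "$1"); do
        check_keyfile "$key" || rc=1
    done
    return $rc
}

# Constructed demo: throwaway rc.conf and key files in a temporary directory.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/geli-audit.XXXXXX")
    head -c 256 /dev/urandom > "$d/good.key"; chmod 600 "$d/good.key"
    head -c 256 /dev/urandom > "$d/open.key"; chmod 644 "$d/open.key"
    printf 'geli_ad3_flags="-k %s"\ngeli_ad4_flags="-k %s"\n' \
        "$d/good.key" "$d/open.key" > "$d/rc.conf"
    status=0; audit_rc_conf "$d/rc.conf" || status=$?
    rm -rf "$d"
    return $status
}

if [ "${1:-}" = "--demo" ]; then demo || true; fi
```

Run it with --demo to see the constructed case, or call audit_rc_conf /etc/rc.conf as root; chmod 600 on the key file clears an EXPOSED finding.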
