freebsd:encrypt_harddisks
Encrypting harddisks
GELI
Create a key with:
dd if=/dev/random of=/root/storage.key bs=256 count=1
Create a encrypted disk:
geli init -a aes -l 256 -s 4096 -K /root/storage.key /dev/ad3 Enter new passphrase: Reenter new passphrase: or cat keyfile1 keyfile2 keyfile3 | geli init -a aes -l 256 -s 4096 -K - /dev/ad3
To attach the provider:
geli attach -k /root/storage.key /dev/ad3 Enter passphrase:
Create a filesystem and mount it:
dd if=/dev/random of=/dev/ad3.eli bs=1m newfs /dev/ad3.eli mount /dev/ad3.eli /usr/home/storage
Unmounting the drive and detach it:
umount /usr/home/storage geli detach ad3.eli
Mount it at bootup edit /etc/rc.conf:
# GELI config geli_devices="ad3" geli_ad3_flags="-k /root/storage.key"
Edit /etc/fstab:
/dev/ad3.eli /home/storage ufs rw 1 2
freebsd/encrypt_harddisks.txt · Zuletzt geändert: 2013/12/16 14:34 von idefix