Benutzer-Werkzeuge

Webseiten-Werkzeuge


freebsd:encrypt_harddisks

Encrypting harddisks

GELI

Create a key with:

dd if=/dev/random of=/root/storage.key bs=256 count=1

Create a encrypted disk:

geli init -a aes -l 256 -s 4096 -K /root/storage.key /dev/ad3
Enter new passphrase:
Reenter new passphrase:

or
cat keyfile1 keyfile2 keyfile3 | geli init -a aes -l 256 -s 4096 -K - /dev/ad3

To attach the provider:

geli attach -k /root/storage.key /dev/ad3
Enter passphrase:

Create a filesystem and mount it:

dd if=/dev/random of=/dev/ad3.eli bs=1m
newfs /dev/ad3.eli
mount /dev/ad3.eli /usr/home/storage

Unmounting the drive and detach it:

umount /usr/home/storage
geli detach ad3.eli

Mount it at bootup edit /etc/rc.conf:

# GELI config
geli_devices="ad3"
geli_ad3_flags="-k /root/storage.key"

Edit /etc/fstab:

/dev/ad3.eli            /home/storage ufs rw                    1       2
freebsd/encrypt_harddisks.txt · Zuletzt geändert: 2013/12/16 14:34 von idefix