From owner-freebsd-security@FreeBSD.ORG Mon Jan 23 00:12:00 2006 Return-Path: X-Original-To: Freebsd-security@freebsd.org Delivered-To: Freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 565F316A41F for ; Mon, 23 Jan 2006 00:12:00 +0000 (GMT) (envelope-from freebsd@meijome.net) Received: from sigma.octantis.com.au (ns2.octantis.com.au [207.44.189.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id B563143D6B for ; Mon, 23 Jan 2006 00:11:58 +0000 (GMT) (envelope-from freebsd@meijome.net) Received: (qmail 15660 invoked from network); 23 Jan 2006 11:11:58 +1100 Received: from andromeda.lef.com.au (HELO ?10.168.101.24?) (210.8.93.2) by sigma.octantis.com.au with (DHE-RSA-AES256-SHA encrypted) SMTP; 23 Jan 2006 11:11:58 +1100 Message-ID: <43D41F48.6080603@meijome.net> Date: Mon, 23 Jan 2006 11:11:52 +1100 From: Norberto Meijome User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: FreeBSD Questions References: <43D409B8.6070704@meijome.net> <20060122230816.GC7703@odin.ac.hmc.edu> In-Reply-To: <20060122230816.GC7703@odin.ac.hmc.edu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Freebsd-security@freebsd.org Subject: Re: Encrypted volume - how? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jan 2006 00:12:00 -0000 Brooks Davis wrote: > On Mon, Jan 23, 2006 at 09:39:52AM +1100, Norberto Meijome wrote: > >>Hi all, >>I'm looking for a way to recreate the functionality of PGP Disk (under >>Win32). Basically, create an encrypted file, which contains a filesystem >>which can then be mounted in any mount point. >> >>I know I can use GELI in FreeBSD 6 - as I understand, it performs the >>encryption at the partition level (the whole partition is encrypted). >>I'd like to be able to simply unmount my 'secure volume', and be able to >>back it up as a whole, or move it to another computer without having to >>repartition the destination. I think GELI wouldn't be good for this. > > > GELI or GBDE are probably what you're looking for, you just need to use > mdconfig to create a vnode (file) backed disk image which you will > encrypt and then create a file system on. > Thanks Brooks and everyone else who kindly pointed me in the right direction :) I think I will use GELI (i like the 2 key system, and it seems to be newer technology.) cheers, Beto