Message-Id: <200806112151.m5BLpFKK055158@fire.js.berklix.net>
From: "Julian Stacey"
To: Howard Goldstein, Lorenzo Perone
Cc: fs@freebsd.org
Organization: http://berklix.com BSD Unix Linux Consultancy, Munich Germany
In-reply-to: Your message "Wed, 11 Jun 2008 14:00:55 EDT." <485012D7.6060107@queue.to>
Date: Wed, 11 Jun 2008 23:51:15 +0200
Subject: Re: CFS Cryptographic file system.

To: Howard Goldstein, Lorenzo Perone
cc: fs@freebsd.org
bcc: freebsd-ports@freebsd.org
(bcc to avoid list dups, any follow up to fs@ I suggest)

Howard Goldstein wrote:
> Date: Wed, 11 Jun 2008 14:00:55 -0400 (20:00 CEST)
> Cc: freebsd-ports@freebsd.org
> Julian Stacey wrote:
> > Is there some replacement of /usr/ports/security/cfs
> > (encrypted file system) for 7.0 ?
>
> It's not fully responsive to your question, and it's a little clunky,
> but the technique at this blog entry
> https://www.endries.org/josh/blog/posts/5 seems to show a way to run
> geli on a file-based backingstore using the md driver as a geom
> provider. I haven't tried it.

Thanks Howard,
As I was in a rush & no quick reply to ports@, I posted a similar
question to fs@freebsd 12 hours or so later & later replied:

> > From: Lorenzo Perone
> > Date: Tue, 10 Jun 2008 13:11:50 +0200
> > To: Julian Stacey
> > Cc: fs@freebsd.org
> > > Is a crypting file system being worked on for src/ somewhere ?
> >
> > Did you have a look at gbde / geli?
> >
> > http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html
>
> No, (I did have a look at doc index before I posted, but I missed this).
> Looks like what I need.
> Thanks Lorenzo

So I did this, which worked:

	dd if=/dev/zero of=CRYPT_FS_IMAGE bs=10k count=50k
	mdconfig -a -t vnode -f CRYPT_FS_IMAGE
	mkdir /etc/gbde
	gbde init /dev/md0 -i -L /etc/gbde/md0.lock
		2048
		random_flush uncommented
		# long wait
	gbde attach /dev/md0 -l /etc/gbde/md0.lock
	newfs -U -O2 /dev/md0.bde
	mount /dev/md0.bde /mnt
	....
	umount /mnt
	gbde detach md0
	mdconfig -d -u 0

I haven't tried geli yet, though it has interesting extras for later.
Thanks Lorenzo & Howard.

Julian
-- 
Julian Stacey: BSDUnixLinux C Prog Admin SysEng Consult Munich www.berklix.com
	Mail just Ascii plain text. HTML & Base64 text are spam.
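
Added example, not part of the original message or of any FreeBSD tool: the attach/mount and umount/detach steps from the mail wrapped as sh functions that use whichever md unit mdconfig allocates (the mail assumes md0) and undo earlier steps on failure, so a decrypted .bde provider is not left attached. The function names, the DRY_RUN switch and the dry-run value md0 are assumptions made for this sketch; it expects the image to have been set up once with "gbde init" as shown in the mail.

```shell
#!/bin/sh
# Added example, not from the original mail. FreeBSD, run as root.
# Assumes the image was already initialised with "gbde init" as in the mail.
# DRY_RUN=1 prints the commands instead of running them.

run() {  # run a command, or only print it when DRY_RUN=1
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# attach_md IMAGE: prints the md device that was allocated (e.g. md0)
attach_md() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "mdconfig -a -t vnode -f $1" >&2
        echo md0                      # constructed value for dry runs only
    else
        mdconfig -a -t vnode -f "$1"  # mdconfig prints the unit it picked
    fi
}

# crypt_open IMAGE LOCKFILE MOUNTPOINT: prints the md device on success.
# On failure the steps already done are undone, so no decrypted
# .bde provider is left attached by accident.
crypt_open() {
    image=$1; lock=$2; mnt=$3
    if [ "${DRY_RUN:-0}" != 1 ] && [ ! -r "$lock" ]; then
        echo "lock file $lock not readable" >&2; return 1
    fi
    md=$(attach_md "$image") || return 1
    run gbde attach "/dev/$md" -l "$lock" || {
        run mdconfig -d -u "${md#md}"; return 1; }
    run mount "/dev/$md.bde" "$mnt" || {
        run gbde detach "$md"; run mdconfig -d -u "${md#md}"; return 1; }
    echo "$md"
}

# crypt_close MD MOUNTPOINT: the teardown steps from the mail, in order
crypt_close() {
    run umount "$2" && run gbde detach "$1" && run mdconfig -d -u "${1#md}"
}
```

Typical use would be md=$(crypt_open CRYPT_FS_IMAGE /etc/gbde/md0.lock /mnt) followed later by crypt_close "$md" /mnt.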