From: Geoff Fritz
To: Greg Morell
Cc: freebsd-questions@freebsd.org
Date: Mon, 12 Oct 2009 10:18:24 -0600
Subject: Re: Mountable encrypted file? What to use?

On Mon, Oct 12, 2009 at 06:33:40AM -0700, Greg Morell wrote:
>
> I like to keep all of my sensitive stuff in a few encrypted mountable files.
> Something where I can copy the file to a USB key for backup, but not
> worry if I lose the USB key since it's just an encrypted file. But when
> on a computer, I can mount it as a volume.
>
> What should I use on FreeBSD?

Combine geli with the md device:

    # create a 1G sparse container file and attach it as /dev/md1984
    dd if=/dev/zero of=/tmp/secret bs=1 count=0 seek=1G
    mdconfig -a -t vnode -f /tmp/secret -u 1984
    # load the geli kernel module, then initialise and attach the provider
    geli load
    geli init /dev/md1984 && geli attach /dev/md1984
    # create a filesystem on the decrypted device and mount it
    newfs /dev/md1984.eli
    mkdir /mnt/secret && mount /dev/md1984.eli /mnt/secret
    echo "the formula for Coke is..." > /mnt/secret/secret_formula.txt
    # tear down in reverse order, then copy the encrypted container
    umount /mnt/secret
    geli detach /dev/md1984.eli
    mdconfig -d -u 1984
    cp /tmp/secret /mnt/usbdrive

(I don't know off-hand the 'cp' options for copying sparse files correctly).

Read the man pages for all of the commands you are unfamiliar with.
geli(8) has a lot of flexible options.

--
Geoff
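
The attach and teardown steps from the reply above, wrapped as a reusable script that never leaves the decrypted device attached after a failed mount. This is an added example, not part of the original mail: the names secret_open, secret_close, run and DRY_RUN are assumptions, and it expects a container already set up once with geli init and newfs as in the mail, with the geli module loaded.

```sh
#!/bin/sh
# Added example. Assumed names (not from the mail): secret_open, secret_close,
# run, DRY_RUN. Defaults mirror the mail's paths and md unit number.
# Assumes the container was already set up once with geli init + newfs as in
# the mail, and that the geli module is loaded.
IMG="${IMG:-/tmp/secret}"     # encrypted container file
UNIT="${UNIT:-1984}"          # md unit number
MNT="${MNT:-/mnt/secret}"     # mount point
DRY_RUN="${DRY_RUN:-0}"       # 1 = print each command instead of running it

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Tear down in reverse order of setup. Every step is attempted and any
# failure is reported, so a busy mount cannot hide a still-attached provider.
secret_close() {
    rc=0
    run umount "$MNT" || rc=1
    run geli detach "/dev/md$UNIT.eli" || rc=1
    run mdconfig -d -u "$UNIT" || rc=1
    return "$rc"
}

secret_open() {
    [ -f "$IMG" ] || { echo "no such container: $IMG" >&2; return 1; }
    run mdconfig -a -t vnode -f "$IMG" -u "$UNIT" || return 1
    if ! run geli attach "/dev/md$UNIT"; then   # asks for the passphrase
        run mdconfig -d -u "$UNIT"
        return 1
    fi
    if ! { run mkdir -p "$MNT" && run mount "/dev/md$UNIT.eli" "$MNT"; }; then
        # Mount failed: do not leave the decrypted .eli device attached.
        run geli detach "/dev/md$UNIT.eli"
        run mdconfig -d -u "$UNIT"
        return 1
    fi
}

case "${1:-}" in
    open)  secret_open ;;
    close) secret_close ;;
esac
```

Running it with DRY_RUN=1 prints the command sequence without touching any device.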