Date: Mon, 11 Mar 2019 09:40:20 +0100
From: Polytropon
To: Alexandre Leonenko
Cc: "freebsd-questions@freebsd.org"
Subject: Re: Automatic unencryption using /etc/fstab
Message-Id: <20190311094020.12d9aad9.freebsd@edvax.de>

On Mon, 11 Mar 2019 08:20:46 +0000, Alexandre Leonenko wrote:
> Is it possible to use /etc/fstab to point to an encryption key file
> to unencrypt a second drive on boot up?
>
> The idea is that / root is already encrypted and the file will be
> as well. I want to avoid entering passwords multiple times for
> a few different drives.
>
> I know Linux can already do that with the LUKS encryption and
> was wondering if the same thing is possible on FreeBSD.

I think FreeBSD has supported this approach natively for decades now.
Check "18.12.2. Disk Encryption with geli" in The FreeBSD Handbook:

https://people.freebsd.org/~rodrigc/doc/handbook/disks-encrypting.html

It is possible to use a key file without a passphrase and use
it in an automatic decrypt + mount scenario, but be aware of the
security implications. ;-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
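
With a passphrase-less key file, as described in the reply above, the key file is the only secret protecting the second drive, so where it lives and who can read it matter. The following is an added example, not part of the original message and not FreeBSD project code: it audits the key files named in an rc.conf, assuming the rc.conf(5) form `geli_<device>_flags="-p -k <keyfile>"` in double quotes; the function names and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes boot-time geli devices are
# configured in rc.conf as geli_<device>_flags="-p -k <keyfile>".

# audit_geli_keys RCCONF: print findings, return 1 if any key file is unsafe.
audit_geli_keys() {
    rcconf=$1 bad=0
    # Reduce each geli_<dev>_flags="..." assignment to "<dev> <flags>".
    entries=$(sed -n 's/^geli_\([A-Za-z0-9_]*\)_flags="\([^"]*\)".*/\1 \2/p' "$rcconf")
    while read -r dev flags; do
        [ -n "$dev" ] || continue
        key='' nopass=no
        set -- $flags                      # split the flag string into words
        while [ $# -gt 0 ]; do
            case $1 in
                -p) nopass=yes ;;          # geli attach -p: no passphrase
                -k) key=${2:-}; [ $# -lt 2 ] || shift ;;
            esac
            shift
        done
        [ -n "$key" ] || continue          # passphrase-only device, no key file
        [ "$nopass" = no ] || echo "NOTE $dev: no passphrase, $key alone unlocks the device"
        if [ ! -f "$key" ]; then
            echo "WARN $dev: key file $key is missing"; bad=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ldL "$key" | cut -c1-10)
        case $mode in
            ????------) ;;                 # owner-only access
            *) echo "WARN $dev: $key is $mode, want owner-only (chmod 600)"; bad=1 ;;
        esac
    done <<EOF
$entries
EOF
    return $bad
}

# Constructed sample: da1 has a private key file, da2 a world-readable one.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/da1.key"; chmod 600 "$d/da1.key"
    : > "$d/da2.key"; chmod 644 "$d/da2.key"
    printf 'geli_da1_flags="-p -k %s"\ngeli_da2_flags="-p -k %s"\n' \
        "$d/da1.key" "$d/da2.key" > "$d/rc.conf"
    rc=0; audit_geli_keys "$d/rc.conf" || rc=$?
    rm -rf "$d"; return $rc
}

# Audit the rc.conf given as the first argument, if any.
[ $# -eq 0 ] || audit_geli_keys "$1"
```

Run it as `sh script.sh /etc/rc.conf`; the NOTE lines mark devices that anyone able to read the key file can attach, which is why the key file should sit on the already encrypted root, as the original question proposes.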