From: Alexandre Leonenko
To: Polytropon
CC: freebsd-questions@freebsd.org
Subject: Re: Automatic unencryption using /etc/fstab
Date: Mon, 11 Mar 2019 08:52:56 +0000

Thanks!

________________________________
From: Polytropon
Sent: Monday, March 11, 2019 1:40:20 AM
To: Alexandre Leonenko
Cc: freebsd-questions@freebsd.org
Subject: Re: Automatic unencryption using /etc/fstab

On Mon, 11 Mar 2019 08:20:46 +0000, Alexandre Leonenko wrote:
> Is it possible to use /etc/fstab to point to an encryption key file
> to unencrypt a second drive on boot up?
>
> The idea is that / root is already encrypted and the file will be
> as well. I want to avoid entering passwords multiple times for
> a few different drives.
>
> I know Linux can already do that with the LUKS encryption and
> was wondering if the same thing is possible on FreeBSD.

I think FreeBSD has supported this approach natively for decades now.
Check "18.12.2. Disk Encryption with geli" in The FreeBSD Handbook:

https://people.freebsd.org/~rodrigc/doc/handbook/disks-encrypting.html

It is possible to use a key file without a passphrase and use it
in an automatic decrypt + mount scenario, but be aware of the
security implications. ;-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
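
Following up on the reply's note about security implications, an added example that is not part of the original messages: a shell audit that finds `geli_<dev>_flags` entries in an rc.conf-style file that attach with a key file and no passphrase (`-p -k <keyfile>`) and reports key files that are missing or accessible to group or other. The function names and the file argument are assumptions of this example; it checks file mode only and does not parse combined flags such as `-pk`.

```shell
#!/bin/sh
# Added example: audit geli key files referenced from an rc.conf-style file.
# Assumed convention: geli_<dev>_flags="-p -k /path/to/keyfile"
#   -p  attach without a passphrase component, -k  key file to use

# Print "<dev> <keyfile>" for each geli_<dev>_flags entry using -p with -k.
geli_keyfiles() {
    sed -n 's/^geli_\([A-Za-z0-9_]*\)_flags="\(.*\)"[[:space:]]*$/\1 \2/p' "$1" |
    while read -r dev flags; do
        nopass=0; key=""
        set -- $flags            # split the flag string into words
        while [ $# -gt 0 ]; do
            case $1 in
                -p) nopass=1 ;;
                -k) key=${2:-}; [ $# -gt 1 ] && shift ;;
            esac
            shift
        done
        if [ "$nopass" -eq 1 ] && [ -n "$key" ]; then echo "$dev $key"; fi
    done
}

# Return 0 only for a regular, non-symlink file with no group/other mode bits.
keyfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)   # group + other permission characters
    [ "$mode" = "------" ]
}

# Print one finding per exposed or missing key file; return 1 if any exist.
audit_geli_keys() {
    findings=$(geli_keyfiles "$1" | while read -r dev key; do
        keyfile_is_private "$key" ||
            echo "geli_${dev}_flags: $key is missing or accessible to group/other"
    done)
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}

# Run the audit when a file to check is given on the command line.
if [ $# -gt 0 ]; then audit_geli_keys "$1"; fi
```

Entries that use `-k` without `-p` still require a passphrase at attach time, so the audit leaves them out of its findings.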