This post is part of the series FreeBSD on my laptop
The disk encryption chapter in the handbook [1] is not fully applicable, as it only covers encrypting real partitions. However, a file can be attached as a device using mdconfig(8).
First a file of a proper size has to be made. Here the file is 1024 MB. dd(1) is used for the job:
dd if=/dev/zero of=/path/to/safe.img bs=1m count=1024
where /path/to/safe.img is the full path to the encrypted container.
Now the file is attached as a memory device using mdconfig:
mdconfig -f /path/to/safe.img
mdconfig will then output the device name, e.g. "md0".
From here on the instructions in [1] can be followed with /dev/md0 as the device. (In the following the geli method is used)
Initialize the encryption:
geli init /dev/md0
Attach it, create a filesystem, and detach it again:
geli attach /dev/md0
newfs /dev/md0.eli
geli detach /dev/md0
Note that the decrypted device is at /dev/md0.eli!
Now the encrypted container is created.
When you need it, mount it with:
mdconfig -f /path/to/file
geli attach /dev/md0
mount /dev/md0.eli /mnt/safe
Unmount it after use with:
umount /mnt/safe
geli detach /dev/md0
mdconfig -d -u 0
Note that you are not necessarily given the device md0 but the first free one. Please take that into consideration.
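The mount and unmount steps above can be wrapped so that the device name is taken from mdconfig's output instead of being assumed to be md0, and so that a failed geli attach or mount does not leave a stale md device behind. This is an added example, not part of the original post; the function names safe_open and safe_close are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helpers for the file-backed geli container described above.
# safe_open / safe_close are hypothetical names, not FreeBSD tools.
# Usage: md=$(safe_open /path/to/safe.img /mnt/safe); safe_close "$md" /mnt/safe

# safe_open IMAGE MOUNTPOINT -> prints the md device name that was allocated
safe_open() {
    img=$1
    mnt=$2
    # mdconfig prints the first free device name, e.g. "md0" or "md3"
    md=$(mdconfig -f "$img") || return 1
    case $md in
        md[0-9]*) ;;
        *) echo "unexpected mdconfig output: $md" >&2; return 1 ;;
    esac
    # Wrong passphrase or damaged metadata: release the md device again
    if ! geli attach "/dev/$md" >&2; then
        mdconfig -d -u "${md#md}" >&2
        return 1
    fi
    # The decrypted provider is /dev/mdN.eli; undo both layers if mount fails
    if ! mount "/dev/$md.eli" "$mnt" >&2; then
        geli detach "/dev/$md" >&2
        mdconfig -d -u "${md#md}" >&2
        return 1
    fi
    echo "$md"
}

# safe_close MD_NAME MOUNTPOINT -> tears the layers down in reverse order
safe_close() {
    md=$1
    mnt=$2
    # If the filesystem is still busy, stop here and keep it attached
    umount "$mnt" || return 1
    geli detach "/dev/$md" || return 1
    # mdconfig -d -u takes the unit number, so strip the "md" prefix
    mdconfig -d -u "${md#md}"
}
```

Both functions need root privileges, like the individual commands they wrap.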
Resources:
[1] Encrypting Disk Partitions