2007-06-24

encrypted blobs with fbsd

i started reading about encrypted filesystems when i was ordered to represent the company i am working for at a meeting in another country. i wanted to take my personal laptop with me (so the laptops of our company could be used for real work) and i wanted to take several documents to the meeting with me. but what if someone steals my laptop?

well, after reading a bit about it i made it work under fbsd. this is a little howto so i won't forget it :)

first you have to load the geli module and pick a name for the container file:


%> sudo kldload geom_eli
%> export EF=encfile


if you want to use a file as an encrypted container, you first have to create
that file. if you want to encrypt a whole partition, hard disk or usb flash disk
instead, just use the actual device instead of "encfile" and skip the dd and
mdconfig steps. so, let's prepare a 128M empty file and attach it to a memory
disk (the fbsd equivalent of a "loopback" device):


%> sudo dd if=/dev/zero of=$EF bs=1M count=128
%> sudo mdconfig -a -t vnode -f $EF -u 0


create a key file for geli to use and make sure only you can read it. geli init will also ask for a passphrase (unless you pass -P), and you will be asked for it again on every attach; if the key file lives on the same laptop as the container, that passphrase is what actually stands between a thief and your documents:


%> dd if=/dev/random of=$EF.key bs=64 count=1
%> chmod 600 $EF.key
%> sudo geli init -s 4096 -K $EF.key /dev/md0


once that is done you can attach your container (for example in a later session) via


%> sudo mdconfig -a -t vnode -f $EF -u 0
%> sudo geli attach -k $EF.key /dev/md0


and disconnect from it via


%> sudo geli detach /dev/md0
%> sudo mdconfig -d -u 0


when you have attached such a container you can work on it like you would with
any normal device. the decrypted device is called /dev/md0.eli.

so, for example, you can create a new filesystem on it and mount it. the dd only needs to be done once, when you create the container: it writes zeros through the encrypted device, so the container file itself is filled with ciphertext instead of the zeros from the earlier step, and it stops by itself when the device is full:


%> sudo dd if=/dev/zero of=/dev/md0.eli bs=1m
%> sudo newfs /dev/md0.eli
%> sudo mkdir -p /mnt/encrypted
%> sudo mount /dev/md0.eli /mnt/encrypted


and then store whatever you like.
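a small wrapper script for the attach and detach steps above, added here as an example (it is not from the original post): it lets mdconfig pick a free unit instead of hardcoding md0, tears things down in the reverse order, and refuses to attach when the key file is readable by other users. it assumes the same names as the post (encfile, encfile.key, /mnt/encrypted) and has to run as root.

```shell
#!/bin/sh
# added example, not from the original post: wraps the attach/detach dance
# above in two functions. assumes the post's layout: container file $EF,
# key file $EF.key, mount point /mnt/encrypted (override via MNT). needs root.
set -eu

EF="${EF:-encfile}"
MNT="${MNT:-/mnt/encrypted}"

# the key file is what keeps the container closed: refuse to go on if anyone
# but its owner can read it. parses ls(1) so it works with bsd and gnu tools.
keyfile_mode_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)     # group and other rwx bits
    [ "$perms" = "------" ]
}

# "md3" -> "3", the form mdconfig -d -u expects
md_unit() {
    printf '%s\n' "${1#md}"
}

# attach: let mdconfig pick a free unit instead of hardcoding -u 0 (it prints
# the name, e.g. md1), attach geli to it and mount the decrypted .eli device.
open_container() {
    keyfile_mode_ok "$EF.key" || {
        echo "refusing: $EF.key is missing or readable by others" >&2; return 1; }
    md=$(mdconfig -a -t vnode -f "$EF")
    geli attach -k "$EF.key" "/dev/$md"   # asks for the passphrase set at init
    mkdir -p "$MNT"
    mount "/dev/$md.eli" "$MNT"
    printf '%s\n' "$md" > "$EF.md"         # remember the unit for close
}

# detach in the reverse order: unmount, geli detach, free the md unit
close_container() {
    md=$(cat "$EF.md")
    umount "$MNT"
    geli detach "/dev/$md"
    mdconfig -d -u "$(md_unit "$md")"
    rm -f "$EF.md"
}

case "${1:-}" in
    open)  open_container ;;
    close) close_container ;;
    *)     [ $# -eq 0 ] || echo "usage: $0 open|close" >&2 ;;
esac
```

save it as e.g. encfile.sh and run `sudo EF=/path/to/encfile ./encfile.sh open` before working and `... close` when you are done.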