So I decided to create an encrypted folder on my workstation to use as a storage device for work related files (which typically have passwords etc located in them). After some trial and error I found the way to do it. Blog entries and the like that reference this material mention using the svnd0 vnode device for the encryption but it doesn't work. I'm not sure if this is an OpenBSD 5 peculiarity or something to do with my Sparc install but I eventually sorted it out.
Note: do all commands as the root user - it's a lot easier.
I created the sparse file to be encrypted:
# dd if=/dev/zero of=/location/of/secret/file/.cryptfile bs=1024 count=1024000
Note that it's 1GB in size and has a preceeding "." so it's at least a little bit hidden from a casual ls search.
I have to mount .cryptfile somewhere so I created a folder for that too:
# mkdir /media/crypt (or wherever you'd like to put it)
I have to check what vnodes are available:
# vnconfig -l
vnd0: not in use
vnd1: not in use
vnd2: not in use
vnd3: not in use
I can choose any of these to associate with my virtual encrypted device. I will use vnd0. Using vnconfig again:
# sudo vnconfig -ck -v vnd0 .cryptfile
Encryption key: (use something good)
vnd0: 1048576000 bytes on .cryptfile
OK so now we need to create a file system on our device (which is only a single partition) so we need to newfs the "c" slice as this is the whole disk:
# sudo newfs /dev/vnd0c
/dev/rvnd0c: 1000.0MB in 2048000 sectors of 512 bytes
5 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
super-block backups (for fsck -b #) at:
32, 414688, 829344, 1244000, 1658656,
So now to mount our encrypted filesystem to store our secret files!
# mount /dev/vnd0c /media/crypt
Probably a good idea to make it usable for me:
# chown -R angus:wheel /media/crypt
And we're off and racing:
# df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/wd0a 1005M 42.2M 913M 4% /
/dev/wd0k 42.8G 1.0G 39.7G 2% /home
/dev/wd0d 3.9G 224K 3.7G 0% /tmp
/dev/wd0f 2.0G 450M 1.4G 24% /usr
/dev/wd0g 1005M 135M 820M 14% /usr/X11R6
/dev/wd0h 8.6G 1.9G 6.3G 23% /usr/local
/dev/wd0j 2.0G 2.0K 1.9G 0% /usr/obj
/dev/wd0i 2.0G 2.0K 1.9G 0% /usr/src
/dev/wd0e 7.9G 42.7M 7.4G 1% /var
/dev/vnd0c 984M 2.0K 935M 0% /media/crypt
I'll be re-creating this whole thing again soon so watch out for any updates or errata.
Check out: http://www.backwatcher.org/writing/howtos/obsd-encrypted-filesystem.html for some handy mounting/unmounting scripts.
Angus Beath's Blog - a jotting down of thoughts, handy to remember things and general BS about the world.
Subscribe to:
Post Comments (Atom)
Adventures with Immich
With the implementation of my Proxmox server it's now time to play with some new applications - and we'll start with Immich, a repla...
-
One of my clients, a non-profit, has a lot of files on it's clients. They need a way to digitally store these files, securely and with a...
-
I was reading an article discussing forensic preparation for computer systems. Some of the stuff in there I knew the general theory of, but ...
-
This is an update of an older post, as the utilities change, so has this concept of a cheap network spike - I use it to troubleshoot network...
No comments:
Post a Comment