Arnaud Fenioux's Personal Home Page

FreeBSD Crypto

March 4, 2016 - Arnaud
Category: Technical
Tags: BSD

There are several ways to set up encryption on FreeBSD:

- To create encrypted image jails, use the -c switch with either bde or eli and follow the on-screen instructions:
ezjail-admin create -c eli -i 16G example.com 10.0.0.3

Also note that crypto jails would block the boot process (unless the passphrase is provided via a file or some fetch magic via stdin), so they are marked as attachblocking and are not started at boot time. You need to start them with ezjail-admin startcrypto.

Further reading: http://erdgeist.org/arts/software/ezjail/

- You can use gbde or geli to encrypt a partition: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypt...

- You can also mount an image file (vnode) that you have prepared to be an encrypted filesystem.

Creation of the image:

dd if=/dev/zero of=/path/to/your/image.file bs=1M count=xxx
mdconfig -at vnode -f /path/to/your/image.file
geli init /dev/md0
geli attach /dev/md0
newfs /dev/md0.eli

Attach/mount the encrypted image:

mdconfig -at vnode -f /path/to/your/image.file
geli attach /dev/md0
mount -o noatime /dev/md0.eli /dir/to/mount/under
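
The steps above assume the image ends up on md0, but mdconfig allocates the next free unit and prints its name. The script below is an added example, not part of the original post: it captures that unit, releases it if geli attach or mount fails, and detaches in reverse order so the decrypted .eli device does not stay available. The function names attach_image and detach_image are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are assumptions.

# attach_image IMAGE MOUNTPOINT -> prints the allocated md unit (e.g. "md3")
attach_image() {
    image=$1
    mnt=$2
    [ -f "$image" ] || { echo "no such image: $image" >&2; return 1; }
    [ -d "$mnt" ]   || { echo "no such directory: $mnt" >&2; return 1; }

    # mdconfig prints the unit it allocated; use it instead of hard-coding md0
    md=$(mdconfig -a -t vnode -f "$image") || return 1

    # geli prompts for the passphrase; on failure free the memory disk again
    if ! geli attach "/dev/${md}"; then
        mdconfig -d -u "$md"
        return 1
    fi

    # the decrypted provider is /dev/<md>.eli; roll back fully if mount fails
    if ! mount -o noatime "/dev/${md}.eli" "$mnt"; then
        geli detach "${md}.eli"
        mdconfig -d -u "$md"
        return 1
    fi
    echo "$md"
}

# detach_image MOUNTPOINT MD -> unmount, drop the geli key, free the md unit
detach_image() {
    mnt=$1
    md=$2
    umount "$mnt" || return 1
    geli detach "${md}.eli" || return 1
    mdconfig -d -u "$md"
}

# Usage: script attach IMAGE MOUNTPOINT | script detach MOUNTPOINT MD
case "${1:-}" in
    attach) attach_image "$2" "$3" ;;
    detach) detach_image "$2" "$3" ;;
esac
```

Keep the unit name printed by attach, since detach needs it to release the same memory disk.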

Further reading: http://erdgeist.org/arts/software/ezjail/