Oct 13 2018
 

Ok, since I am reading Michael Lucas’ FreeBSD Mastery: Storage Essentials I decided to get my hands dirty and learn about GELI and disk encryption. Here are my notes:

First of all, you need a new device to encrypt. You can encrypt existing devices, but you need to back up the data first. I also assume that you have GELI up and running.

  • Randomizing the device.
          We want our device to be filled with randomness, so we apply three teaspoons of it (this overwrites everything on the partition):
           dd if=/dev/random of=/dev/ada1p1 bs=1m

I went the easy way and encrypted without a key file. This is NOT RECOMMENDED, so create your key file. (You can find how in the book 🙂)

  • Initializing the provider.
           geli init -s 4096 /dev/ada1p1

You will receive the following message:

           Metadata backup can be found in /var/backups/ada1p1.eli and can be restored with the following command:

           geli restore /var/backups/ada1p1.eli /dev/ada1p1

  • Activate the device.
           geli attach /dev/ada1p1

Ok now you have your device ready, let’s create a new filesystem on it and mount it:

           newfs -j /dev/ada1p1.eli
           mount /dev/ada1p1.eli /mnt/

Done? Ok now unmount and detach it.

           umount /mnt
           geli detach ada1p1.eli

Groovy!
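
The same steps with the recommended key file, as an added example that is not from the original post or the book. The provider, key path and mount point are caller-supplied arguments, and `run`, `check_target` and `geli_setup` are hypothetical helper names; with `DRY_RUN` at its default of 1 the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the post or the book): GELI with key file + passphrase.
# DRY_RUN=1 (the default) only prints each command; DRY_RUN=0 executes as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Accept only a bare provider name such as ada1p1 (no path, no .eli suffix),
# and in a real run refuse a provider that is currently mounted.
check_target() {
    case "$1" in
        ""|*[!a-z0-9]*) echo "refusing target '$1'" >&2; return 1 ;;
    esac
    if [ "$DRY_RUN" != "1" ] && mount -p | grep -q "^/dev/$1[[:space:].]"; then
        echo "/dev/$1 is mounted" >&2; return 1
    fi
}

# geli_setup <provider> <keyfile> <mountpoint>  (all three are caller-chosen)
geli_setup() {
    dev="$1"; key="$2"; mnt="$3"
    check_target "$dev" || return 1
    # 64 random bytes as key file, created mode 0600; store it off this disk.
    ( umask 077; run dd if=/dev/random of="$key" bs=64 count=1 ) || return 1
    # Fill the partition with random data; dd stops when the device is full.
    run dd if=/dev/random of="/dev/$dev" bs=1m
    # -K adds the key file; geli still prompts for a passphrase, so both are needed.
    run geli init -s 4096 -K "$key" "/dev/$dev" || return 1
    # -k: the same key file must be supplied on every attach.
    run geli attach -k "$key" "/dev/$dev" || return 1
    run newfs -j "/dev/$dev.eli" || return 1
    run mount "/dev/$dev.eli" "$mnt"
}

if [ "$#" -eq 3 ]; then
    geli_setup "$1" "$2" "$3"
fi
```

Keep a copy of the key file next to the metadata backup from /var/backups; without the key file the provider cannot be attached again.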
