sources for e1e0 website
git clone https://git.e1e0.net/e1e0.net.git
Log | Files | Refs

commit 3733f2a6f2fbbe8e8d6a36e94074fbbf69802ee2
parent f4f2550f4c5e6cbda2af3082c850da31461ab84e
Author: Paco Esteban <paco@onna.be>
Date:   Sat, 24 Aug 2019 19:53:24 +0200

new article:

Encrypt usb-flash drive on OpenBSD

Msrc/gophermap | 3++-
Msrc/index.html | 1+
Asrc/openbsd-encrypt-usb-flash-drive.md | 70++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/src/gophermap b/src/gophermap @@ -12,6 +12,7 @@ Sometimes I write things so I do not forget ... o--o-- Random (usually tech) stuff +0Encrypt a USB flash drive on OpenBSD. /openbsd-encrypt-usb-flash-drive.md.txt onna.be 70 0Long Wireless links and monitoring. /long-wireless-links-and-monitoring.md.txt onna.be 70 0Trying to avoid browser dependency. /browser-dependency.md.txt onna.be 70 0Self hosted XMPP server (on OpenBSD) /self-hosted-xmpp-server.md.txt onna.be 70 @@ -44,5 +45,5 @@ Have any comments ? Send an email at <comments@onna.be> o- o -- -------------------------------------------------------- -- o -- -Last updated: Fri, 23 Aug 2019 16:20:44 +0000 +Last updated: Sat, 24 Aug 2019 17:51:20 +0000 o- o -- -------------------------------------------------------- -- o -- diff --git a/src/index.html b/src/index.html @@ -1,4 +1,5 @@ <ul> +<li><a href="/openbsd-encrypt-usb-flash-drive.html" title="2019-08-24">Encrypt a USB flash drive on OpenBSD.</a></li> <li><a href="long-wireless-links-and-monitoring.html" title="2019-05-31">Long Wireless links and monitoring</a></li> <li><a href="browser-dependency.html" title="2019-05-07">Trying to avoid browser dependency.</a></li> <li><a href="self-hosted-xmpp-server.html" title="2019-04-25">Self hosted XMPP server (on OpenBSD)</a></li> diff --git a/src/openbsd-encrypt-usb-flash-drive.md b/src/openbsd-encrypt-usb-flash-drive.md @@ -0,0 +1,70 @@ +# Encrypt a USB flash drive on OpenBSD. +2019-08-24 + +This are some notes to encrypt a USB flash drive on OpenBSD, is taken from the +[OpenBSD FAQ][1] just with a bit more explanation so I can remember what's all +about. + +Of course, you should not trust anything I say here and check [bioctl(8)][2] man +page and the already mentioned FAQ. + +On this example we assume the USB drive is `sd3`. All commands have to be +executed by `root` (hence the `#`) or using `doas(1)`. + +The first time, to create the encrypted drive, it is recommended to write +random data to the disk. + + # dd if=/dev/urandom of=/dev/rsd3c bs=1m + +Then partition the disk (`-i` reinitializes the partition table and `-y` +answers yes to all prompts). + + # fdisk -iy sd3 + +After that create a partition of type `RAID` with `disklabel(8)`. This command +is interactive, check the man page for that. Is quite easy. + + # disklabel -E sd3 + +Now you can create the encrypted volume. The parameter `-c` specifies the +`RAID` level for our volume, `C` is a `CRYPTO` volume. `-l sd3` specifies the +_chunk device_ to use. And `softraid0` is the `softraid(4)` device. + + # bioctl -c C -l sd3a softraid0 + +That will ask for password twice and it will respond with the new created +device: + + softraid0: CRYPTO volume attached as sd4 + +We can "clear" the new device filling it with zeros, initialize the device and +create a partition (`i` in this case, usually reserved to partitions outside +the disklabel, like MS-DOS partitions). + + # dd if=/dev/zero of=/dev/rsd4c bs=1m count=1 + # fdisk -iy sd4 + # disklabel -E sd4 + +Create now the file system on the new partition and mount it: + + # newfs sd4i + # mount /dev/sd4i /mnt/secretstuff + +To remove the device, unmount it and then detach the crypto device: + + # umount /mnt/secretstuff + # bioctl -d sd4 + +In order to mount the device again, you have to attach it again with the same +command you used to create the crypto device, and then mount it: + + # bioctl -c C -l sd3a softraid0 + # mount /dev/sd4i /mnt/secretstuff + +Remember to unmount and detach before removing it. + +_Have any comments ? Send an email to the [comments address][999]._ + +[1]: https://www.openbsd.org/faq/faq14.html#softraid +[2]: https://man.openbsd.org/bioctl.8 +[999]: mailto:comments@onna.be?Subject=Encrypt%20a%20USB%20flash%20drive%20on%20OpenBSD.