commit 3733f2a6f2fbbe8e8d6a36e94074fbbf69802ee2
parent f4f2550f4c5e6cbda2af3082c850da31461ab84e
Author: Paco Esteban <paco@onna.be>
Date: Sat, 24 Aug 2019 19:53:24 +0200
new article:
Encrypt usb-flash drive on OpenBSD
Diffstat:
3 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/src/gophermap b/src/gophermap
@@ -12,6 +12,7 @@ Sometimes I write things so I do not forget ...
o--o-- Random (usually tech) stuff
+0Encrypt a USB flash drive on OpenBSD. /openbsd-encrypt-usb-flash-drive.md.txt onna.be 70
0Long Wireless links and monitoring. /long-wireless-links-and-monitoring.md.txt onna.be 70
0Trying to avoid browser dependency. /browser-dependency.md.txt onna.be 70
0Self hosted XMPP server (on OpenBSD) /self-hosted-xmpp-server.md.txt onna.be 70
@@ -44,5 +45,5 @@ Have any comments ?
Send an email at <comments@onna.be>
o- o -- -------------------------------------------------------- -- o --
-Last updated: Fri, 23 Aug 2019 16:20:44 +0000
+Last updated: Sat, 24 Aug 2019 17:51:20 +0000
o- o -- -------------------------------------------------------- -- o --
diff --git a/src/index.html b/src/index.html
@@ -1,4 +1,5 @@
<ul>
+<li><a href="/openbsd-encrypt-usb-flash-drive.html" title="2019-08-24">Encrypt a USB flash drive on OpenBSD.</a></li>
<li><a href="long-wireless-links-and-monitoring.html" title="2019-05-31">Long Wireless links and monitoring</a></li>
<li><a href="browser-dependency.html" title="2019-05-07">Trying to avoid browser dependency.</a></li>
<li><a href="self-hosted-xmpp-server.html" title="2019-04-25">Self hosted XMPP server (on OpenBSD)</a></li>
diff --git a/src/openbsd-encrypt-usb-flash-drive.md b/src/openbsd-encrypt-usb-flash-drive.md
@@ -0,0 +1,70 @@
+# Encrypt a USB flash drive on OpenBSD.
+2019-08-24
+
+This are some notes to encrypt a USB flash drive on OpenBSD, is taken from the
+[OpenBSD FAQ][1] just with a bit more explanation so I can remember what's all
+about.
+
+Of course, you should not trust anything I say here and check [bioctl(8)][2] man
+page and the already mentioned FAQ.
+
+On this example we assume the USB drive is `sd3`. All commands have to be
+executed by `root` (hence the `#`) or using `doas(1)`.
+
+The first time, to create the encrypted drive, it is recommended to write
+random data to the disk.
+
+ # dd if=/dev/urandom of=/dev/rsd3c bs=1m
+
+Then partition the disk (`-i` reinitializes the partition table and `-y`
+answers yes to all prompts).
+
+ # fdisk -iy sd3
+
+After that create a partition of type `RAID` with `disklabel(8)`. This command
+is interactive, check the man page for that. Is quite easy.
+
+ # disklabel -E sd3
+
+Now you can create the encrypted volume. The parameter `-c` specifies the
+`RAID` level for our volume, `C` is a `CRYPTO` volume. `-l sd3` specifies the
+_chunk device_ to use. And `softraid0` is the `softraid(4)` device.
+
+ # bioctl -c C -l sd3a softraid0
+
+That will ask for password twice and it will respond with the new created
+device:
+
+ softraid0: CRYPTO volume attached as sd4
+
+We can "clear" the new device filling it with zeros, initialize the device and
+create a partition (`i` in this case, usually reserved to partitions outside
+the disklabel, like MS-DOS partitions).
+
+ # dd if=/dev/zero of=/dev/rsd4c bs=1m count=1
+ # fdisk -iy sd4
+ # disklabel -E sd4
+
+Create now the file system on the new partition and mount it:
+
+ # newfs sd4i
+ # mount /dev/sd4i /mnt/secretstuff
+
+To remove the device, unmount it and then detach the crypto device:
+
+ # umount /mnt/secretstuff
+ # bioctl -d sd4
+
+In order to mount the device again, you have to attach it again with the same
+command you used to create the crypto device, and then mount it:
+
+ # bioctl -c C -l sd3a softraid0
+ # mount /dev/sd4i /mnt/secretstuff
+
+Remember to unmount and detach before removing it.
+
+_Have any comments ? Send an email to the [comments address][999]._
+
+[1]: https://www.openbsd.org/faq/faq14.html#softraid
+[2]: https://man.openbsd.org/bioctl.8
+[999]: mailto:comments@onna.be?Subject=Encrypt%20a%20USB%20flash%20drive%20on%20OpenBSD.