💾 Archived View for gemini.solobsd.org › geli.gmi captured on 2022-06-03 at 22:52:13. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
Ok, since I am reading Michael Lucas' [FreeBSD Mastery: Storage Essentials](https://www.michaelwlucas.com/nonfiction/freebsd-mastery-storage-essentials). I decided to get my hands dirty and learn about GELI and disk encryption. Here are my notes:
First of all, you need a new device to encrypt, you can encrypt existing devices, but you need to backup data first. I assume too that you have GELI up and running.
We want our device to be filled by randomness, so we apply three teaspoons of it:
`dd if=/dev/random of=/dev/ada0p1 bs=1m`
I went the easy way and encrypted without a key file, this is NOT RECOMMENDED, so create your key file. (You can find how in the book :) )
`geli init -s 4096 /dev/ada1p1`
You will receive the next message:
Metadata backup can be found in /var/backups/ad1p1.eli and can be restored with the following command:
`geli restore /var/backups/ada1p1.eli /dev/ada1p1`
`geli attach /dev/ada1p1`
Ok now you have your device ready, let's create a new filesystem on it and mount it:
`newfs -j /dev/ada1p1.eli`
`mount /dev/ada1p1.eli /mnt/`
Done? Ok now unmount and detach it.
`umount /mnt`
`geli detach ada1p1.eli`
Groovy!