Creating encrypted file systems on OpenBSD

This is something I wanted to do for my own system, but I thought I'd share the notes with anyone interested. I create a couple of smaller encrypted filesystems to make backups easier. Backups are important in general, but more so here because I worried that one of our frequent power outages would result in a corrupt encrypted filesystem. I wanted something small enough to be able to copy easily and not have to rely on tape backups.

create:

Create the directory you will mount it on (my sandbox, here):

Create the directory you'll keep the filesystem file in

Create the filesystem file by dumping data into it:
/dev/arandom is way faster than /dev/srandom and good enough for this. /dev/zero will be even faster (so for large filesystems...) but is possibly less secure.
bs = block size
count = how many blocks
In this case, a 20M filesystem is fine, so 20 * 1024 = 20480

Configure a virtual node to use that file (vnconfig):
-c = create, -k = ask for a key, -v = verbose
/dev/svnd devices are "safe" virtual nodes that maintain cache coherency
svnd0 is safe virtual node device 0
svnd0c is the c partition, the default partition that contains everything

Use newfs to tell the system it's a filesystem now (rsvnd0c is the raw device for svnd0c)

Mount the device on the mount directory (not the filesystem file)

unmounting

Unmount and then unconfig the device:

mounting

Configure the device onto the file and enter the key when it asks

Mount with the sync option even though we probably don't need it. "Probably" is a fair-weather friend. I think it's automatic, but I'm using it anyway.
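
The create, unmounting and mounting steps above, collected into one sh script as an added example; it is not the author's own commands. The paths, bs=1024 and the vnconfig -u flag are assumptions, and the functions only print the commands unless RUN=1 is set.

```shell
#!/bin/sh
# Added example, not the author's commands. Assumptions: the paths below,
# bs=1024 (so 20M = 20480 blocks) and vnconfig's -u (unconfigure) flag.
# Commands are printed only; set RUN=1 as root on OpenBSD to execute them.
IMG=${IMG:-/home/me/crypt/sandbox.img}  # hypothetical filesystem file
MNT=${MNT:-/home/me/sandbox}            # hypothetical mount directory
VND=${VND:-svnd0}                       # safe virtual node device 0

run() {
    if [ "${RUN:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

blocks_for_mb() {  # number of 1024-byte blocks in N megabytes
    case $1 in
        ''|0*|*[!0-9]*) echo "size must be whole megabytes" >&2; return 1 ;;
    esac
    echo $(( $1 * 1024 ))
}

cfs_create() {  # usage: cfs_create SIZE_MB
    count=$(blocks_for_mb "$1") || return 1
    if [ -e "$IMG" ]; then
        echo "$IMG exists, refusing to overwrite it" >&2; return 1
    fi
    run mkdir -p "$MNT" "$(dirname "$IMG")" &&
    run dd if=/dev/arandom of="$IMG" bs=1024 count="$count" &&
    run vnconfig -c -k -v "$VND" "$IMG" &&   # asks for the key
    run newfs "/dev/r${VND}c" &&             # raw device
    run mount "/dev/${VND}c" "$MNT"          # the device, not the file
}

cfs_umount() {  # unmount first, then unconfigure the device
    run umount "$MNT" && run vnconfig -u -v "$VND"
}

cfs_mount() {
    run vnconfig -c -k -v "$VND" "$IMG" || return 1
    # If the mount fails (for example a mistyped key), release the device.
    run mount -o sync "/dev/${VND}c" "$MNT" ||
        { run vnconfig -u -v "$VND"; return 1; }
}
```

Source the file and call cfs_create 20, cfs_umount or cfs_mount to see the command sequence for each section.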

These notes were scribbled down April, 2007 by Roy Corey

Feel free to email me any questions, suggestions, corrections, etc.