Encrypting partitions with openbsd 4.1 or 4.2

Previous thread: Jumb Frames by Jake Conk on Wednesday, October 3, 2007 - 1:32 am. (3 messages)

Next thread: Any users in Portugal? by Timo Schoeler on Wednesday, October 3, 2007 - 6:56 am. (1 message)

[view original message]

From: carlopmart

Subject: Encrypting partitions with openbsd 4.1 or 4.2

Date: Wednesday, October 3, 2007 - 4:45 am

Hi all,

  How can I encrypt a whole partition with OpenBSD 4.1 or 4.2-current?? 
I  only info about encrypt image files and not partitions ....

many thanks.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com

[ message continues ]

[view original message]

From: Guillaume Dualé

Subject: Re: Encrypting partitions with openbsd 4.1 or 4.2

Date: Wednesday, October 3, 2007 - 6:06 am

Hello,
perhaps this HowTo will help you ?

http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto

See you :)
Guillaume.
---

[ message continues ]

[view original message]

From: carlopmart

Subject: Re: Encrypting partitions with openbsd 4.1 or 4.2

Date: Wednesday, October 3, 2007 - 6:16 am

In this howto only explains howto encrypt sparse files and not partitions ..

-- 
CL Martinez
carlopmart {at} gmail {d0t} com

[ message continues ]

[view original message]

From: Jacob Yocom-Piatt

Subject: Re: Encrypting partitions with openbsd 4.1 or 4.2

Date: Wednesday, October 3, 2007 - 8:02 am

the technique in the article does not only apply to sparse files. have 
an encrypted /var on some of my webservers and the procedure is 
identical to what's in the link further down (starts with the dd-ing of 
an image file).

do note it's not possible to encrypt all partitions using vnconfig. for 
the time being this is the best you can do: encrypt images and mount 
them after using vnconfig.

[ message continues ]

[view original message]

From: carlopmart

Subject: Re: Encrypting partitions with openbsd 4.1 or 4.2

Date: Wednesday, October 3, 2007 - 9:20 am

Thanks jacob, but  I have received an email from openbsd's developer 
that it isn't possible to encrypt partitions or disks ... only image 
files created by dd command ...

-- 
CL Martinez
carlopmart {at} gmail {d0t} com

[ message continues ]

[view original message]

From: Chris Kuethe

Subject: Re: Encrypting partitions with openbsd 4.1 or 4.2

Date: Wednesday, October 3, 2007 - 11:25 am

The developer of whom you speak may be slightly misinformed, or just
hasn't tried it. There is no need to mention names, but as of ...
hmmm... 2 minutes ago, i was able to use vnd to encrypt an entire
partition.

CK

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

[ message continues ]

[view original message]

From: Julian Leyh

Subject: Re: Encrypting partitions with openbsd 4.1 or 4.2

Date: Thursday, October 4, 2007 - 1:47 am

IIRC, you can't use vnd0 for partitions, somehow it causes problems. But
if you use vnd1 or a higher number, it should just work.

Julian

-- 
If you don't remember something, it never existed...
If you aren't remembered, you never existed...
I don't quite understand what love is like... But if there
was someone who liked me, I'd be happy.

[ message continues ]

[view original message]

From: Jacob Yocom-Piatt

Subject: Re: Encrypting partitions with openbsd 4.1 or 4.2

Date: Thursday, October 4, 2007 - 7:30 am

uh, pretty sure that's not the case. this hogwash about encrypted 
partitions is getting old:

# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
...
/dev/sd0e     19.7G   19.7G  -1008M   105%    /enc/var
/dev/svnd0a   19.4G    2.3G   16.1G    12%    /var

did have to do the vnconfig thing in /etc/rc where you normally mount 

[ message continues ]

[view original message]

From: Chris Kuethe

Subject: Re: Encrypting partitions with openbsd 4.1 or 4.2

Date: Thursday, October 4, 2007 - 7:43 am

About the only reason I could see for that being the case is that the
release(8) process is hard-coded to use vnd0 for making disk images.
If you already have vnd0 mounted as a crypto device, you won't be able
to make the installer images. Aside from that, I see nothing that
would preclude you from using something other than a file as a source
of blocks for vnd0 to use.

CK

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

[ message continues ]


linux-kernel:
Ingo Molnar	Re: [PATCH 0/3] v2 Make hierarchical RCU less IPI-happy and add more tracing
Jeremy Fitzhardinge	Re: Linux 2.6.28.10 and Linux 2.6.29.6 XEN Guest Support Broken x86_64 in BUILD
Nick Piggin	Re: [patch] CFS (Completely Fair Scheduler), v2
Gary Hade	Re: [PATCH 0/5][RFC] Physical PCI slot objects
Dave Johnson	Re: expected behavior of PF_PACKET on NETIF_F_HW_VLAN_RX device?
linux-netdev:
Arnd Bergmann	Re: 64-bit net_device_stats
Stephens, Allan	RE: [PATCH]: tipc: Fix oops on send prior to entering networked mode
frank.blaschka	[patch 3/5] [PATCH] qeth: support z/VM VSWITCH Port Isolation
Wu Fengguang	Re: [PATCH] dm9601: handle corrupt mac address
David Miller	Re: [PATCH net-2.6.24] Fix refcounting problem with netif_rx_reschedule()
git:
Junio C Hamano	Re: [PATCH] [RFC] add Message-ID field to log on git-am operation
Junio C Hamano	Re: Handling large files with GIT
Karl	Re: [ANNOUNCE] pg - A patch porcelain for GIT
Josh Triplett	Re: [RFC][PATCH 00/10] Sparse: Git's "make check" target
Pierre Habouzit	Re: [PATCH] git-daemon: more powerful base-path/user-path settings, using formats.
git-commits-head:
Linux Kernel Mailing List	MIPS: RBTX4939: Fix IOC pin-enable register updating
Linux Kernel Mailing List	regulator: update email address for Liam Girdwood
Linux Kernel Mailing List	[SCSI] ipr: add message to error table
Linux Kernel Mailing List	powerpc/32: Wire up the trampoline code for kdump
Linux Kernel Mailing List	USB: omap_udc: sync with OMAP tree
openbsd-misc:
Josh Grosse	Re: error : pkg add phpMyAdmin
Brian Candler	Re: OBSD's perspective on SELinux
Jacob Meuser	Re: /dev/audio: Device busy
David Vasek	Re: Inexpensive, low power, "wall wart" computer
William Boshuck	Re: Richard Stallman...