Encrypt a USB flash drive on OpenBSD.
This are some notes to encrypt a USB flash drive on OpenBSD, is taken from the OpenBSD FAQ just with a bit more explanation so I can remember what’s all about.
Of course, you should not trust anything I say here and check bioctl(8) man page and the already mentioned FAQ.
On this example we assume the USB drive is
sd3. All commands have to be
root (hence the
#) or using
The first time, to create the encrypted drive, it is recommended to write random data to the disk.
# dd if=/dev/urandom of=/dev/rsd3c bs=1m
Then partition the disk (
-i reinitializes the partition table and
answers yes to all prompts).
# fdisk -iy sd3
After that create a partition of type
disklabel(8). This command
is interactive, check the man page for that. Is quite easy.
# disklabel -E sd3
Now you can create the encrypted volume. The parameter
-c specifies the
RAID level for our volume,
C is a
-l sd3 specifies the
chunk device to use. And
softraid0 is the
# bioctl -c C -l sd3a softraid0
That will ask for password twice and it will respond with the new created device:
softraid0: CRYPTO volume attached as sd4
We can “clear” the new device filling it with zeros, initialize the device and
create a partition (
i in this case, usually reserved to partitions outside
the disklabel, like MS-DOS partitions).
# dd if=/dev/zero of=/dev/rsd4c bs=1m count=1 # fdisk -iy sd4 # disklabel -E sd4
Create now the file system on the new partition and mount it:
# newfs sd4i # mount /dev/sd4i /mnt/secretstuff
To remove the device, unmount it and then detach the crypto device:
# umount /mnt/secretstuff # bioctl -d sd4
In order to mount the device again, you have to attach it again with the same command you used to create the crypto device, and then mount it:
# bioctl -c C -l sd3a softraid0 # mount /dev/sd4i /mnt/secretstuff
Remember to unmount and detach before removing it.
Have any comments ? Send an email to the comments address.