FreeBSD 13 openzfs encrypted thumb drive

petlib

New Member


Messages: 7

Playing around with the new OpenZFS encryption feature that comes standard with FreeBSD 13. You can now create your own encrypted thumb drive.

# dmesg and find the device id of your usb drive (example below use da0)

Code:
#careful!# gpart destroy da0

# gpart create –s gpt da0
# gpart show da0
=> 40 2015152 da0 GPT (984M)
     40 2015152 - free - (984M)

# gpart add -t freebsd-zfs -l thumb_drive da0
da0p1 added

# gpart show -l da0
=> 40 2015152 da0 GPT (984M)
     40 2015152 1 thumb_drive (984M)

# zpool create thumb_drive gpt/thumb_drive
# zfs list thumb_drive
NAME USED AVAIL REFER MOUNTPOINT
thumb_drive 372K 832M 96K /thumb_drive

# zfs create -o encryption=on -o keyformat=passphrase thumb_drive/secret
Enter passphrase:
Re-enter passphrase:

# zfs get -p encryption,keystatus,keyformat,keylocation thumb_drive/secret
NAME PROPERTY VALUE SOURCE
thumb_drive /secret encryption aes-256-gcm -
thumb_drive /secret keystatus available -
thumb_drive /secret keyformat passphrase -
thumb_drive /secret keylocation prompt local

# cp “secret_files” /thumb_drive/secret
# zpool export thumb_drive
On another FreeBSD 13 system:
Code:
# zpool import –l thumb_drive
Enter passphrase for ‘thumb_drive/secret’:
 
Last edited:
Top