Playing around with the new OpenZFS encryption feature that comes standard with FreeBSD 13. You can now create your own encrypted USB thumb drive.
Get hold of an unused thumb drive and insert it into your FreeBSD 13 system. Destroy the current partition table on the thumb drive and create a new partition table of type GPT.
Make sure you use the correct device ID. Run
# dmesg
and find the device ID of your USB drive. The example below uses device da0:
Code:
# gpart destroy -F da0
# gpart create -s gpt da0
# gpart show da0
=> 40 2015152 da0 GPT (984M)
40 2015152 - free - (984M)
Add a new ZFS partition to the thumb drive and give it GPT label "thumb_drive":
Code:
# gpart add -t freebsd-zfs -l thumb_drive da0
da0p1 added
# gpart show -l da0
=> 40 2015152 da0 GPT (984M)
40 2015152 1 thumb_drive (984M)
Create a new ZFS storage pool named "thumb_drive" on the thumb drive partition GPT labeled "thumb_drive":
Code:
# zpool create thumb_drive gpt/thumb_drive
# zfs list thumb_drive
NAME USED AVAIL REFER MOUNTPOINT
thumb_drive 372K 832M 96K /thumb_drive
Create an encrypted ZFS dataset named "secret" in ZFS storage pool "thumb_drive":
Code:
# zfs create -o encryption=on -o keyformat=passphrase thumb_drive/secret
Enter passphrase:
Re-enter passphrase:
# zfs get -p encryption,keystatus,keyformat,keylocation thumb_drive/secret
NAME PROPERTY VALUE SOURCE
thumb_drive/secret encryption aes-256-gcm -
thumb_drive/secret keystatus available -
thumb_drive/secret keyformat passphrase -
thumb_drive/secret keylocation prompt local
Copy files to the encrypted ZFS dataset (directory) then export the ZFS storage pool "thumb_drive" from the system:
Code:
# cp "secret_files" /thumb_drive/secret
# zpool export thumb_drive
On another FreeBSD 13 system import the thumb drive ZFS storage pool named "thumb_drive" including mount of encrypted datasets:
Code:
# zpool import -l thumb_drive
Enter passphrase for 'thumb_drive/secret':
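The pool root in the steps above is created without encryption, so only files under /thumb_drive/secret are protected; anything copied to /thumb_drive itself is stored in plaintext. The script below is an added example, not part of the original post, that flags unencrypted datasets and datasets whose key is still loaded; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit encryption per dataset.
# Input on stdin: tab-separated "name<TAB>property<TAB>value" lines, as printed by
#   zfs get -H -r -o name,property,value encryption,keystatus thumb_drive

# Datasets that store data unencrypted (encryption=off).
plaintext_datasets() {
    awk -F '\t' '$2 == "encryption" && $3 == "off" { print $1 }' | sort
}

# Encrypted datasets whose key is currently loaded (keystatus=available).
unlocked_datasets() {
    awk -F '\t' '
        $2 == "encryption" && $3 != "off"       { enc[$1] = 1 }
        $2 == "keystatus"  && $3 == "available" { loaded[$1] = 1 }
        END { for (d in enc) if (d in loaded) print d }' | sort
}

# Print a report; return 1 if any dataset is unencrypted, 0 otherwise.
audit_pool() {
    report=$(cat)
    plain=$(printf '%s\n' "$report" | plaintext_datasets)
    open=$(printf '%s\n' "$report" | unlocked_datasets)
    if [ -n "$open" ]; then
        printf '%s\n' "$open" | sed 's/^/key loaded:    /'
    fi
    if [ -n "$plain" ]; then
        printf '%s\n' "$plain" | sed 's/^/NOT encrypted: /'
        return 1
    fi
    return 0
}

# Constructed sample: pool state right after the "zfs create" step above.
sample_unlocked() {
    printf 'thumb_drive\tencryption\toff\n'
    printf 'thumb_drive\tkeystatus\t-\n'
    printf 'thumb_drive/secret\tencryption\taes-256-gcm\n'
    printf 'thumb_drive/secret\tkeystatus\tavailable\n'
}

# Live use on the FreeBSD host (pool name as argument): sh audit.sh thumb_drive
if [ $# -gt 0 ] && command -v zfs >/dev/null 2>&1; then
    zfs get -H -r -o name,property,value encryption,keystatus "$1" | audit_pool
fi
```

Run it before `zpool export` to confirm that the files were copied to an encrypted dataset and not to the pool root.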