Create an encrypted directory using pefs
pefs install
Bash:
sudo pkg install pefs-kmod
pefs load kernel module
Once installed, we next need to load the pefs kernel module:
Bash:
sudo kldload pefs
check the pefs kernel module is loaded with kldstat
Bash:
kldstat
If we want to keep this module loaded across reboots, add it to /boot/loader.conf:
Bash:
sudo vim /boot/loader.conf
then add the following line to /boot/loader.conf
Bash:
pefs_load="YES"
pefs encrypted directory
create an encrypted directory
create a directory in your home directory which we will encrypt with pefs, in this demo the name of the directory is storage
Bash:
mkdir -p ~/storage
change permissions to make it readable by only our user
Bash:
chmod 700 ~/storage
create the pefs keychain with aes256 encryption
Bash:
pefs addchain -fZ -a aes256 ~/storage
At the prompt, enter your user login password and then confirm it
Enter parent key passphrase:
Reenter parent key passphrase:
list the ~/storage directory to make sure the ~/storage/.pefs.db file is created
Bash:
ls -a ~/storage
mount the ~/storage directory
Bash:
pefs mount ~/storage ~/storage
pefs add aes256 key
Bash:
pefs addkey -c -a aes256 ~/storage
Enter the same password as you used to create the keychain
create a file with some text to test the encryption
Bash:
echo 'testing' > ~/storage/test.txt
check the contents of the file and it should be unencrypted
Bash:
less ~/storage/test.txt
unmount the pefs directory
unmount the ~/storage directory; the decrypted view goes away and only the encrypted file remains visible
Bash:
pefs umount ~/storage
list the storage directory and the filename will now be encrypted
Bash:
ls -al ~/storage
check the contents of the file and it should be encrypted
the filename will be changed from test.txt to an encrypted string
Bash:
less ~/storage/.CHkOvB7RVpxPAwD3X8AgG0hltd_sQV59
remount the pefs ~/storage directory
Bash:
pefs mount ~/storage ~/storage
re-add the pefs key. Note that you don't have to add the keychain again:
as you have already created the keychain, you just have to re-add the pefs key
Bash:
pefs addkey -c -a aes256 ~/storage
you will be prompted to enter your password, which is your user login password
Enter passphrase:
list the contents of the ~/storage directory
Bash:
ls -al ~/storage
check the contents of the file and it should be unencrypted
Bash:
less ~/storage/test.txt
run pefs showchains on the directory to show the key added to the keychain
Bash:
pefs showchains -f ~/storage
this should show the key is encrypted with aes256 encryption
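The script below is an added example, not part of the original post: it checks the setup steps above and, with the directory unmounted, lists any entry in ~/storage whose name does not start with "." like the encrypted name shown earlier, because such an entry was written while pefs was not mounted and is stored in the clear. The function names are hypothetical, and the `mount` line format it matches is an assumption about FreeBSD's output.

```sh
#!/bin/sh
# Added example: audit the pefs setup from the steps above (helper names are hypothetical).

# True if FILE has an uncommented pefs_load="YES" line.
loader_has_pefs() {
    grep -Eq '^[[:space:]]*pefs_load="?YES"?[[:space:]]*(#.*)?$' "$1"
}

# True if DIR is a directory with mode 700 (drwx------).
dir_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Reads `mount` output on stdin; true if DIR is a pefs mount point.
# Assumes FreeBSD's "<from> on <dir> (pefs, ...)" line format.
is_pefs_mounted() {
    grep -Fq " on $1 (pefs"
}

# Print entries of DIR whose names do not start with ".". With pefs
# unmounted, such entries were written to the underlying directory
# and are stored without encryption.
plaintext_entries() {
    for f in "$1"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        printf '%s\n' "${f##*/}"
    done
}

# Audit DIR while it is unmounted; CONF defaults to /boot/loader.conf.
# Returns 0 if clean, 1 on a warning, 2 if DIR is still mounted.
pefs_audit() {
    dir=$1; conf=${2:-/boot/loader.conf}; rc=0
    loader_has_pefs "$conf" || echo "NOTE: pefs_load not enabled in $conf"
    dir_mode_ok "$dir" || { echo "WARN: $dir is not mode 700"; rc=1; }
    [ -f "$dir/.pefs.db" ] || { echo "WARN: no .pefs.db in $dir"; rc=1; }
    if mount | is_pefs_mounted "$dir"; then
        echo "NOTE: $dir is mounted; run pefs umount first"
        return 2
    fi
    leaked=$(plaintext_entries "$dir")
    [ -z "$leaked" ] || { echo "WARN: unencrypted entries: $leaked"; rc=1; }
    return "$rc"
}
```

Source the file and call `pefs_audit "$(realpath ~/storage)"` after `pefs umount ~/storage`, so the path matches what `mount` reports.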