[Solved] Encrypting a folder

Good evening all,

I have read many posts that are close to, but not exactly, what I am after. I want to encrypt a single folder and its contents. I have read that "TrueCrypt" may not be very secure, but after reading, it does do what I need.
Can someone let me know if TrueCrypt is secure, or some other mechanism within FreeBSD (10.0 p-7, x64) to accomplish this? I understand that TrueCrypt has been discontinued. I am of the understanding (I could be wrong) that MS had their fingers in it, which means I don't trust it.

PEFS is another mechanism with a good wiki and "HowTo".

But the same question remains about PEFS... How secure really is it?

Sorry to ask questions, but like the VA, my new client requires encryption because there is customer ID information in the App/DB I am about to help develop. We don't want a stolen PC to release our customer credentials and personal information.


Pointers to articles I've missed and/or how-tos I've missed are also appreciated...


Sincerely and respectfully,


Dave

Edit: Clarifications and some explanations
 
Re: Encrypting a folder

Alternatively (or expanding) to what @SirDice said, you can mount an image file (vnode) you prepared as an encrypted filesystem, under the desired directory. That's what I do on a FreeBSD VPS, having been too lazy to reshape and repartition what the hosting company pre-defined for me. I just needed one directory encrypted so this works for me.

Code:
mdconfig -at vnode -f /path/to/your/image.file
geli attach /dev/md0
mount -o noatime /dev/md0.eli /dir/to/mount/under

You'll have to do the above after each reboot, if you want to persist it. Preparing it has some extra steps:

Code:
dd if=/dev/zero of=/path/to/your/image.file bs=1M count=xxx
mdconfig -at vnode -f /path/to/your/image.file
geli init /dev/md0
geli attach /dev/md0
newfs /dev/md0.eli
mount -o noatime /dev/md0.eli /dir/to/mount/under

Check the manuals of mdconfig(8) and geli(8) for additional options, e.g. md device number, encryption options, etc.
 
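The attach sequence from the post above together with its reverse (umount, geli detach, mdconfig -d), as an added sh example that is not part of the original thread; it uses the unit name mdconfig prints rather than assuming md0. The function names, the DRY_RUN switch and the IMG/MNT defaults are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. IMG and MNT are placeholder paths.
# DRY_RUN=1 prints the commands instead of running them.
IMG=${IMG:-/path/to/your/image.file}
MNT=${MNT:-/dir/to/mount/under}
DRY_RUN=${DRY_RUN:-0}

run() {  # execute a command, or only print it in dry-run mode
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Print the device mounted on $MNT; stdin is `mount -p` (fstab-style) output.
mounted_dev() {
    awk -v m="$MNT" '$2 == m { print $1 }'
}

# After a reboot: attach the image, unlock it, mount it.
vault_up() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "mdconfig -a -t vnode -f $IMG"; md=md0   # pretend unit for the dry run
    else
        # mdconfig prints the unit it allocated (md0, md1, ...); use that
        # instead of assuming md0.
        md=$(mdconfig -a -t vnode -f "$IMG") || return 1
    fi
    # geli asks for the passphrase here; release the md unit if unlocking fails.
    run geli attach "/dev/$md" || { run mdconfig -d -u "${md#md}"; return 1; }
    run mount -o noatime "/dev/$md.eli" "$MNT"
}

# Lock again: unmount, clear the keys from the kernel, free the md unit.
vault_down() {
    dev=${1:-$(mount -p | mounted_dev)}
    case "$dev" in
        /dev/md*.eli) ;;
        *) echo "no GELI-backed md device mounted on $MNT" >&2; return 1 ;;
    esac
    md=${dev#/dev/}; md=${md%.eli}
    run umount "$MNT" && run geli detach "$md.eli" && run mdconfig -d -u "${md#md}"
}

case "${1:-}" in
    up)   vault_up ;;
    down) vault_down ;;
esac
```

Until `vault_down` (or a shutdown) has run, the directory is readable by anyone with access to the running system; the encryption only protects the image file while it is detached.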
Re: Encrypting a folder

I thank all of you for the response.

I was still thinking in Linux terms. I was understanding the link @SirDice had sent me as a physical partition when I read it the first time before posting, which is not what I want to do.

@AzaShog then expanded @SirDice's comment to take it down to just a folder which is what I am after.

I do have one last question if I may please... when I initially create the image file with dd, may this filename be arbitrary? Or is there a specific filename convention I must follow?


Thank you all for the clarification. I do appreciate it....



Sincerely and respectfully,


Dave
 
Re: Encrypting a folder

The image file name can be anything you want. Personally, I keep them next to the mountpoint with an .img extension, e.g. I have the image file for the PostgreSQL database, /usr/local/pgsql.img, mounted to /usr/local/pgsql, which is its default data directory.
 
Re: Encrypting a folder

Outstanding!

Thank you for the clarification. I now have the knowledge I need to create an encrypted folder.

Again, I am sincerely appreciative.


Sincerely and respectfully,


Dave
 
Re: Encrypting a folder

PEFS is useful with pam_pefs, when you want encrypted home directories and still want to be able to boot without being asked for a password. I could not get GELI to work with pam_mount such that it works similarly to PEFS. GELI is generally good for all other cases.
 