Quote:
Originally Posted by jggimi
I'd forgotten that vnconfig(8) includes its own encryption methodology. So with vnconfig(8) alone, you could use files as encrypted backing storage for vnd(4) virtual drives, as a replacement for the softraid(4) CRYPTO discipline.
|
The example given in
vnconfig(8) is incomplete. I wrote a Makefile that includes and automates the missing steps, It makes it much easier to use encrypted vnode disks/files. but it just needs some more testing.
Disadvantage of this approach is that you need a 128 bytes long salt file, as well as a password. When you lose the salt file, you can say goodbye to your data
I also tried to use a vnode disk/backing storage file with the encrypted discipline for bioctl/softraid.
That works too, but is more complicated to initialize. I am still working on automating it with a Makefile. The advantage is that you only need to remember the password.