DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 5th July 2022
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 97
Default truecrypt or veracrypt

hi,

just dont know if it's possible to user bioctl without the use of individual slices as :
https://romanzolotarev.com/openbsd/bioctl-crypto.html

but I would prefer to see if it's faisable with a file instead, as truecrypt and veracrypt does; this last one looks like to be a good alternative, but doesnt seems to be ported. would it be possible to have a solution regarding it?

thank yu =)
Reply With Quote
  #2   (View Single Post)  
Old 5th July 2022
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

OpenBSD's softraid(4) driver man page states, "A chunk is a partition or storage area of fstype 'RAID'." In alignment with this, the bioctl(8) man page states , "The chunk must be specified as a full path to a device file (e.g. /dev/wd0d)."
If you want to use files rather than partitions with softraid(4), you will need a footgun* to treat files as if they are devices. In this case, vnconfig(8), which creates or destroys vnd(4) pseudo-devices.
If you require veracrypt, upgrade to OpenBSD 7.1. It is available as a package for 7.1-release.

---

* https://en.wiktionary.org/wiki/footgun
Reply With Quote
  #3   (View Single Post)  
Old 7th July 2022
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

I'd forgotten that vnconfig(8) includes its own encryption methodology. So with vnconfig(8) alone, you could use files as encrypted backing storage for vnd(4) virtual drives, as a replacement for the softraid(4) CRYPTO discipline.
Reply With Quote
  #4   (View Single Post)  
Old 10th September 2022
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 97
Default

hey

I've tried to install veracrypt, from obsd 7.0 upgrade (Im using 7.1):

quirks-5.5 signed on 2022-09-09T00:07:54Z
Can't install wxWidgets-gtk3-3.0.5.1p2 because of libraries
|library SDL2.0.11 not found
| /usr/local/lib/libSDL2.so.0.10 (sdl2-2.0.16): minor is too small
|library cairo-gobject.2.1 not found
| /usr/local/lib/libcairo-gobject.so.2.0 (cairo-1.16.0): minor is too small
|library cairo.13.2 not found
| /usr/local/lib/libcairo.so.13.0 (cairo-1.16.0): minor is too small
|library gio-2.0.4200.14 not found
| /usr/local/lib/libgio-2.0.so.4200.13 (glib2-2.68.4): minor is too small
|library glib-2.0.4201.7 not found
| /usr/local/lib/libglib-2.0.so.4201.6 (glib2-2.68.4): minor is too small
|library gobject-2.0.4200.14 not found
| /usr/local/lib/libgobject-2.0.so.4200.13 (glib2-2.68.4): minor is too small
|library gthread-2.0.4200.14 not found
| /usr/local/lib/libgthread-2.0.so.4200.13 (glib2-2.68.4): minor is too small
|library harfbuzz.17.3 not found
| /usr/local/lib/libharfbuzz.so.15.7 (harfbuzz-2.9.1): bad major
|library pango-1.0.3801.3 not found
| /usr/local/lib/libpango-1.0.so.3801.2 (pango-1.48.10): minor is too small
|library pangocairo-1.0.3801.3 not found
| /usr/local/lib/libpangocairo-1.0.so.3801.2 (pango-1.48.10): minor is too small
Direct dependencies for wxWidgets-gtk3-3.0.5.1p2 resolve to libnotify-0.7.9 gtk+3-3.24.30 sdl2-2.0.16 libmspack-0.10.1alphav2
Full dependency tree is harfbuzz-2.9.1 libvorbis-1.3.7 jpeg-2.1.1v0 libmspack-0.10.1alphav2 at-spi2-atk-2.38.0 libffi-3.3p1 libsndfile-1.0.31 atk-2.36.0 dconf-0.40.0 gettext-runtime-0.21p1 dbus-1.12.20p1v0 libogg-1.3.5 pango-1.48.10 sdl2-2.0.16 gtk-update-icon-cache-3.24.30 xz-5.2.5 png-1.6.37 glib2-2.68.4 libsamplerate-0.1.9 opus-1.3.1 at-spi2-core-2.40.3 libnotify-0.7.9 cairo-1.16.0 fribidi-1.0.10 lzo2-2.10p2 shared-mime-info-2.1 gtk+3-3.24.30 python-3.8.12 libiconv-1.16p0 tiff-4.3.0 librsvg-2.50.7 libxml-2.9.12p0 graphite2-1.3.14 hicolor-icon-theme-0.17 sqlite3-3.35.5p0 adwaita-icon-theme-40.1.1 desktop-file-utils-0.26 lz4-1.9.3p0 zstd-1.5.0 flac-1.3.4 gdk-pixbuf-2.42.6 bzip2-1.0.8p0 pcre-8.44
Can't install veracrypt-1.25.9: can't resolve wxWidgets-gtk3-3.0.5.1p2
Couldn't install veracrypt-1.25.9 wxWidgets-gtk3-3.0.5.1p2



How could I solve this?

thank you
Reply With Quote
  #5   (View Single Post)  
Old 10th September 2022
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

You have a library mismatch. Mixing of package releases is not supported. So, if you are running a 7.1-release system, before adding any new 7.1 packages, you must first update your existing 7.0 packages that you neglected to update after you upgraded from 7.0-release to 7.1-release.

Use # pkg_add -u to update your existing, installed packages from 7.0 to 7.1. Only after this step has completed will you be able to install new 7.1 applications that have dependencies on already installed library packages.
Reply With Quote
  #6   (View Single Post)  
Old 11th September 2022
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 97
Default

it almost works, except to create/mount volumes, in a way after volume password or during creation it asks for the admin password, even with the root one or my user (in wheel group) it fails.. how could I fix it?
Reply With Quote
  #7   (View Single Post)  
Old 11th September 2022
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Quote:
Originally Posted by harrollld View Post
it almost works...
What almost works?
Quote:
...except to create/mount volumes, in a way after volume password or during creation it asks for the admin password, even with the root one or my user (in wheel group) it fails.. how could I fix it?
Provide some clarity. Perhaps you could copy and paste a log of your terminal/console session here? See the script(1) command for producing a character-by-character log of your terminal input/output, and then see the -b option of the col(1) command to remove any overtyped/backspaced content from the saved log file.
Reply With Quote
  #8   (View Single Post)  
Old 13th September 2022
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 97
Default

https://rehost.diberie.com/Picture/Get/f/88086
Reply With Quote
  #9   (View Single Post)  
Old 13th September 2022
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Thank you. You are attempting to use veracrypt, in its GUI form, and the error message in that pop-up windowis coming from sudo(8), which veracrypt requires to have installed as a dependency. The sudo(8) utility must be provisioned before it can be successfully used.



I have not used sudo(8) in many years, and I can see (from having installed it just now) that provisioning it can be even more complex than it was at the time when I ceased using it.
Reply With Quote
Old 14th September 2022
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

Quote:
Originally Posted by jggimi View Post
I'd forgotten that vnconfig(8) includes its own encryption methodology. So with vnconfig(8) alone, you could use files as encrypted backing storage for vnd(4) virtual drives, as a replacement for the softraid(4) CRYPTO discipline.
The example given in vnconfig(8) is incomplete. I wrote a Makefile that includes and automates the missing steps, It makes it much easier to use encrypted vnode disks/files. but it just needs some more testing.
Disadvantage of this approach is that you need a 128 bytes long salt file, as well as a password. When you lose the salt file, you can say goodbye to your data

I also tried to use a vnode disk/backing storage file with the encrypted discipline for bioctl/softraid.
That works too, but is more complicated to initialize. I am still working on automating it with a Makefile. The advantage is that you only need to remember the password.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Old 18th September 2022
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 97
Default

then how could I solve the problem?
to create/open a veracrypt volume without root logging each time?
I admit Im a bit lost... under linux it was just being a sudoer to be up to..
Reply With Quote
Old 18th September 2022
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

Quote:
Originally Posted by mount(8)
Only the superuser may mount file systems.
So somehow you need to be able to get superuser(root) authority, either with su(1), doas(1) or sudo.

I am not familiar with Veracrypt, so I don't know if they explicitly require sudo.

Cannot you install sudo on OpenBSD?
Then using visudo configure it the same way as under Linux. Should not be too difficult .....
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 21st September 2022 at 09:31 PM. Reason: typo
Reply With Quote
Old 21st September 2022
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 97
Default

Quote:
Originally Posted by J65nko View Post
So somehow you need to be able to get superuser(root) authority, either with su(1), doas(1) or sudo.

I am not familiar with Veracrypt, so I don't know if they explicitly require sudo.

Cannot you install b]sudo[/b] on OpenBSD?
Then using visudo configure it the same way as under Linux. Should not be too difficult .....
hi

fixed it by installing sudoers, then command "visudo", then added the

user ALL=/usr/local/bin/veracrypt

it could be possible that in a soon (or less soon) future, veracrypt may be able to work without sudo/visudo, using doas instead (as I understood) ; howerver on obsd7.1, it's a requirement.

thank y!
Reply With Quote
Old 21st September 2022
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

Have you seen HOWTO: File encryption on OpenBSD with a vnode pseudo disk device? I posted that only a few days ago
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Old 6th October 2022
hd77 hd77 is offline
Shell Scout
 
Join Date: Jan 2022
Posts: 97
Default

Quote:
Originally Posted by J65nko View Post
Have you seen HOWTO: File encryption on OpenBSD with a vnode pseudo disk device? I posted that only a few days ago
yep, I already have a "raid-type" /home folder, whom asks me a password at boot before xorg appears.
but for some extra files I like the idea of having few "safes" to store other files..

its from this :
https://si3t.ch/Logiciel-libre/OpenB...rer-home.xhtml

and other sorts of similar how-to here and here
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can you trust 'NSA-proof' TrueCrypt? Cough up some dough and find out J65nko News 0 16th October 2013 07:47 AM
Security PGP, TrueCrypt-encrypted files CRACKED by £300 tool J65nko News 1 21st December 2012 05:01 AM
Truecrypt Trent OpenBSD General 1 4th February 2012 06:38 AM
DragonFly BSD DragonflyBSD has fully-compatible TrueCrypt implementation vermaden News 0 16th July 2011 09:47 PM
TrueCrypt mfaridi FreeBSD Security 6 11th October 2008 11:25 AM


All times are GMT. The time now is 10:44 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick