Encrypted Fileserver
This is an idea I've had for a while… to make an encrypted fileserver, and now I just did :-) Because I had read that OpenBSD shouldn’t be able to use encrypted disks larger than 8.2GB, I started to look around, but a few days ago I thought “fsck it! How on earth can it be that I should switch to a less secure OS to get a more secure fileserver?” and so I continued my search for an OpenBSD implementation, and with success, 'cause it’s all a myth imho:
“I understand that the maximum size is about 8.2 GB”
8.2GB max? Houston? Anyone? Hellooooo?
That Howto is actually quite good, except for the fact it mentions a shortcoming I haven’t come across (I’m sure it must’ve been a shortcoming, but not any more.)
An arty detail of my encrypted fileserver :-)
Anyway, what actually happens is: you make a ‘normal’ filesystem on the disk and fill that fs with one big file, full of zeros. Then you use vnconfig to make a pseudo-filesystem in/on that file, and that gets encrypted while it reads/writes to the disk… In my setup it looks like this:
    -bash-3.00# df
    Filesystem   512-blocks       Used      Avail Capacity  Mounted on
    /dev/sd0a      15517420    1758700   12982852    12%    /
    /dev/wd0a     384551416  384551364  -19227516   105%    /data/crypt1
    /dev/wd1a     192283692  155737656   26931852    85%    /data/disk2
    /dev/svnd0c   378258672  327743732   31602008    91%    /data/disk1
    -bash-3.00#
So /dev/wd0a is the actual disk, mounted on /data/crypt1; vnconfig makes a pseudo-device, /dev/svnd0c, and that is mounted on /data/disk1… /data/disk1 is then used by Samba, so my Windows machine (I got one left…) reads/writes to this encrypted volume and doesn’t have a clue…
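The steps described above, written out as a script. This is an added example, not the commands from the original post: the file name cryptfile, the 1024 MB trial size and the RUN switch are assumptions, and the vnconfig flags (-c configure, -k ask for a key, -u unconfigure) are those of the svnd-era vnconfig(8), so check the man page on your release first.

```shell
#!/bin/sh
# Added example, not from the original post. By default it only prints the
# commands; set RUN=1 (as root, on OpenBSD) to execute them.

# step CMD ARGS...: run the command when RUN=1, otherwise print it.
step() {
    if [ "${RUN:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# crypt_setup BACKING_DIR MOUNTPOINT SVND SIZE_MB
# BACKING_DIR is the 'normal' filesystem already mounted from the real disk.
crypt_setup() {
    backing=$1; mnt=$2; vnd=$3; size_mb=$4
    img="$backing/cryptfile"            # hypothetical container file name
    case $size_mb in
        ''|*[!0-9]*) echo "size must be a whole number of MB" >&2; return 2 ;;
    esac
    case $vnd in
        svnd[0-9]*) ;;                  # refuse real disks such as wd0
        *) echo "expected an svndN pseudo-device" >&2; return 2 ;;
    esac
    # 1. Fill the normal filesystem with one big file of zeros.
    step dd if=/dev/zero of="$img" bs=1m count="$size_mb" &&
    step chmod 600 "$img" &&
    # 2. Attach the file to the pseudo-device; -k prompts for the passphrase.
    step vnconfig -ck "$vnd" "$img" &&
    # 3. Create a filesystem inside the encrypted device and mount it.
    step newfs "/dev/r${vnd}c" &&
    step mount "/dev/${vnd}c" "$mnt"
}

# crypt_teardown MOUNTPOINT SVND: unmount and detach, so that only the
# encrypted container file remains visible on the disk.
crypt_teardown() {
    step umount "$1" &&
    step vnconfig -u "$2"
}

# Paths and device from the post; the size is a constructed trial value.
crypt_setup /data/crypt1 /data/disk1 svnd0 1024
```

Blocks of the container that are never written through the svnd device stay as plain zeros, so the backing file shows how much of the volume is in use; filling it from a random source instead hides that, at the cost of a slower fill.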
I present you… (drumroll) ScramJet, one butt-ugly but very secure fileserver :-)
...and it now really is gigabytes of ones and zeros