24 February 2005, 12:12 by mark hoekstra

Encrypted Fileserver

This has been an idea which I had for a while… to make an encrypted fileserver and now I just did :-) Because of the fact I read OpenBSD shouldn’t be able to use encrypted disks larger than 8.2GB, I started to look around, but a few days ago I thought “fsck it! How on earth can it be I should switch to a less secure OS for getting a more secure fileserver?” and so I continued my search on a OpenBSD-implementation and with success, cause it’s all a myth imho:

“I understand that the maximum size is about 8.2 GB”


8.2GB max? Houston? Anyone? Hellooooo?

That Howto is actually quite good, except for the fact it mentions a shortcoming I haven’t come across (I’m sure it must’ve been a shortcoming, but not any more.)


An arty detail of my encrypted fileserver :-)

Anyway, what actually happens is: You make a ‘normal’ filesystem on the disk, you fill that fs with one big file, full of zero’s. Then you use vnconfig to make a pseudo-filesystem in/on that file and that gets encrypted while it reads/writes to the disk… In my setup it looks like this:

-bash-3.00# df
Filesystem  512-blocks     Used    Avail Capacity  Mounted on
/dev/sd0a     15517420  1758700 12982852    12%    /
/dev/wd0a    384551416 384551364 -19227516   105%    /data/crypt1
/dev/wd1a    192283692 155737656 26931852    85%    /data/disk2
/dev/svnd0c  378258672 327743732 31602008    91%    /data/disk1

So /dev/wd0a is the actual disk, mounted on /data/crypt1, vnconfig makes a pseudo-device, /dev/svnd0c and that is mounted on /data/disk1 … /data/disk1 is then used by Samba, so my windows-machine (I got one left…) reads/writes to this encrypted volume and doesn’t have a clue…


I present you… (drumroll) ScramJet, one butt-ugly but very secure fileserver :-)

...and it now really is gigabytes of ones and zeros

permalink - add to del.icio.us

previous: Ultimate Speaker

next: Shuffle Art Archives