FreeBSD The lazy man's "PGPDisk for FreeBSD"

 -//--**--//--xx--//--**--//--xx--//--**--//--xx--//--**--//--xx--//--**--//-
         .o (( The lazy man's "PGPDisk for FreeBSD" by Wizdumb )) o.
 -//--**--//--xx--//--**--//--xx--//--**--//--xx--//--**--//--xx--//--**--//-

I wanted to have a small cryptographic filesystem on my BSD box, so I
could feel all leet n stuff, but I hadn't seen any kernel hacks for crypto
fs's for fBSD anywhere, and even if I *could* find one, it seemed a bit gay to
bloat my kernel for a crypto-fs that I'm not gonna use that often, and I
fuqn hate modules.

So this is the dodgy stupid hack I did using PGP and the VNode pseudo-device.
You can do it too, coz you probably don't know better either... ;-P

# (First make sure you have pseudo-device vn configured in yer kernel)
# Create an empty 1MB (or whudeva size) file
dd if=/dev/zero of=whatever bs=1k count=1k
# Configure the VNode pseudo-device, backed by that file
vnconfig -s labels -c vn0 whatever
# Give it a label
disklabel -r -w vn0 auto
# Make a filesystem
newfs vn0c
# Unconfigure the device (the script will do it next time)
vnconfig -u vn0
# Encrypt the file
pgp -c whatever -o whatever

Now adapt the two shell scripts below to have the right paths and
filenames n stuff and get going... (/usr/overdrive is the mount point,
/usr/.od.crypt is the encrypted fs and /usr/.od.nocrypt is what it is when
it's mounted. I figure it doesn't matter that the filesystem is
unencrypted when open coz only the owner (root) can read it anyway and
it's securely wiped afterwards.)

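#cmount.sh
#!/usr/local/bin/bash
# Decrypt the image; bail out before deleting anything if PGP fails
pgp -d /usr/.od.crypt -o /usr/.od.nocrypt || exit 1
rm -f /usr/.od.crypt
# Attach the decrypted image to vn0 and mount it
vnconfig -s labels -c vn0 /usr/.od.nocrypt
mount /dev/vn0c /usr/overdrive
#eof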

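#cumount.sh
#!/usr/local/bin/bash
# Unmount and detach first; stop if the filesystem is still busy
umount /usr/overdrive || exit 1
vnconfig -u vn0
# Re-encrypt, and only wipe the plaintext image if encryption succeeded
pgp -c /usr/.od.nocrypt -o /usr/.od.crypt || exit 1
pgp -w /usr/.od.nocrypt
#eof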

I change filenames coz PGP prompts to ask if it should overwrite otherwise,
which is annoying, and for some reason if I echo'd "y" and |'d it thru it
didn't listen. This is far from the ideal or most sophisticated
cryptographic fs solution, but it's probably the one that took the shortest
amount of time to implement, and that's a hack in its own right. ;)
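
A pre-flight check for the two scripts above, as an added example that is not part of the original text: it classifies which of the two image files exist, so an interrupted run (both files present, or a plaintext image left behind after a crash) is caught before anything is decrypted, deleted or wiped. The names od_state, od_require, others_can_read and the CRYPT/PLAIN variables are assumptions made for this example; the default paths are the ones used in the article.

```shell
#!/bin/sh
# Added example (not from the original article). Function and variable
# names are assumptions; default paths are the article's.
CRYPT=${CRYPT:-/usr/.od.crypt}
PLAIN=${PLAIN:-/usr/.od.nocrypt}

# Succeeds if group or other has read permission on file $1.
# Reads the mode string from ls, which is portable across BSD and GNU.
others_can_read() {
    case $(ls -ld -- "$1") in
        ????r*|???????r*) return 0 ;;
    esac
    return 1
}

# Prints one word describing the on-disk state:
#   locked    only the encrypted image exists (safe to run cmount.sh)
#   unlocked  only the plaintext image exists (mounted, or left behind
#             by a crash/reboot and still needing cumount.sh)
#   exposed   plaintext image exists and is readable beyond its owner
#   both      both images exist: a run was interrupted between decrypt
#             and rm, or between encrypt and wipe
#   missing   neither image exists
od_state() {
    if [ -f "$PLAIN" ] && others_can_read "$PLAIN"; then
        echo exposed
    elif [ -f "$CRYPT" ] && [ -f "$PLAIN" ]; then
        echo both
    elif [ -f "$CRYPT" ]; then
        echo locked
    elif [ -f "$PLAIN" ]; then
        echo unlocked
    else
        echo missing
    fi
}

# Guard for the top of a script: "od_require locked || exit 1" in
# cmount.sh, "od_require unlocked || exit 1" in cumount.sh.
od_require() {
    state=$(od_state)
    [ "$state" = "$1" ] && return 0
    echo "refusing to continue: image state is '$state', expected '$1'" >&2
    return 1
}
```

The "both" and "exposed" states need a human decision (which copy is current, who could have read the image), so the guard refuses rather than guessing.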

PS. Sorry guys, woulda used GPG, but I don't have it on this box. But if you
    have half a brain you should be able to port this in under 30 seconds 
    and if you have more than half a brain you'll realise this is stupid and
    you don't want to do it, so I don't care. :)
