November 11, 2019

OpenBSD: Encrypt USB drive

Encrypt the disc

This is just a reminder for myself. You should check the official documentation.

Plug in your drive and check with dmesg what sd it is.

# dd if=/dev/urandom of=/dev/rsd3c bs=1m
# fdisk -iy sd3
# disklabel -E sd3 # make an "a" partition of type RAID
# bioctl -c C -l sd3a softraid0
New passphrase:
Re-type passphrase:
softraid0: CRYPTO volume attached as sd4
# dd if=/dev/zero of=/dev/rsd4c bs=1m count=1
# fdisk -iy sd4
# disklabel -E sd4 # make an "i" partition
# newfs sd4i
# mkdir -p /mnt/secretstuff
# mount /dev/sd4i /mnt/secretstuff
# mv somefile /mnt/secretstuff/
# umount /mnt/secretstuff
# bioctl -d sd4

It is a good idea to use the uid format instead of /dev/sdX, because next time you plug in another usb drive, the system might get confused.

You can retrieve the uid of the disk by running

disklabel sd3a | grep uid

and of the encrypted disk by running

disklabel sd4a | grep uid

I usually employ these usb disks to make a backup copy of my laptop, and for that I use the following two scripts to mount the drive and backup things to it.