Home > Privacy, Security > An Encrypted File System on a USB Thumbdrive (FreeBSD) An Encrypted File System on a USB Thumbdrive (FreeBSD) Submitted by TTF 2004-11-13 Privacy, Security 15 Comments In this article you will learn how to set up FreeBSD to use a USB thumbdrive, how to configure and use the Cryptographic File System (CFS), and then for the FreeBSD 5.X users, how to use the brand new Geom Based Disk Encryption system (gbde). About The Author Eugenia Loli Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker. Follow me on Twitter @EugeniaLoli 15 Comments 2004-11-13 10:16 am Anonymous I’m still looking for an encrypted filesystem that can be mounted (rw) bij linux, freebsd and windows. I use PGPdisk for Windows, but unfortunately pgpdisk is not supported bij GNUpgp. Other linux-specific of bsd-specific methods are not supported by windows. Does someone know a cross-platform (virtual) disk encryption method? 2004-11-13 11:55 am Anonymous CrossCrypt 0.4.3: Open Source AES and TwoFish Linux compatible on the fly encryption for Windows XP and Windows 2000. http://www.scherrer.cc/crypt/ But I do not know about BSD. 2004-11-13 1:44 pm Anonymous Sukru, thanks a lot for your suggestion! 2004-11-13 4:28 pm Anonymous Does someone know a cross-platform (virtual) disk encryption method? What about BestCrypt? http://www.jetico.com/ 2004-11-13 7:20 pm Anonymous BestCrypt looks far more mature than CrossCrypt. But CrossCrypt is open-source. Depending on one’s priorities, one has to choose one of these 🙂 2004-11-14 1:56 am Anonymous I use truecrypt for windows http://www.truecrypt.tk/ It’s open source and there is a planned linux version. 2004-11-14 2:56 am Anonymous If you just want to encrypt a few files (as opposed to a whole partition), there’s bcrypt which works on all the following: x86 FreeBSD, OpenBSD, Linux, Cygwin, Win32 Sparc R220 Solaris 2.7, 2.8 Sparc Ultra60 Linux 2.4 Alpha Linux 2.4 PPC G4 MacOS X 10.1 SERVER PPC RS/6000 Linux 2.4 More info here: http://bcrypt.sourceforge.net/ 2004-11-14 3:46 am Anonymous Your link to truecrypt doesn’t work.. Do you have a link that works? 2004-11-14 3:59 am Anonymous truecrypt looks very interesting, but I’m always careful about trusting “planned” features 🙂 2004-11-14 4:43 am Anonymous So far I’m still “stuck” with BestCrypt. I need Linux and Windows compatibility. Mouting encrypted root partition is optional, but encrypting swap partition/swap files is paramount for me. Any other alternatives to BestCrypt for me (free/paid)? 2004-11-14 9:01 am Anonymous then i suggest using a OpenPGP client. gpg is nice, as is pgp and mcrypt. right now im using OpenBSD’s encrypted loopback, its so easy to setup . Shame it can only use blowfish (unless someone knows of a way to change that?) 2004-11-14 6:43 pm Anonymous From the article: # mount /dev/da0 /mnt Isn’t mounting things directly on /mnt generally to be avoided? I know that in Linux, at least, that has a good chance of hanging. Maybe BSD is different? Anyone know? 2004-11-14 7:21 pm Anonymous From the article: # mount /dev/da0 /mnt Isn’t mounting things directly on /mnt generally to be avoided? I know that in Linux, at least, that has a good chance of hanging. Maybe BSD is different? Anyone know? In all the years that I’ve used FreeBSD, this has never been a problem. Typically, you only mount things on /mnt temporarily anyway which reduces that chances of anything ever happening anyway. Although, if it makes you feel better you can create subdirectories under /mnt to mount your devices. 2004-11-14 9:12 pm Anonymous actually only the knoppix based live cd distros have this limitation (that i know of) in truth the point of /mnt is a temporary mount point but most distros got away from that idea and mounted things underneath /mnt instead of to it. i know redhat/fedora did this until recently, now they do the mounts underneath /media and leave /mnt open for temp mounting. 2004-11-15 3:44 am Anonymous Definately useful if you’re only using FreeBSD, but man, GBDE is still a pig to set up, and I personally couldn’t recomend it to anybody for general use. For the time being, I’d have to say stick with things like PGP or GPG.