Setting up an encrypted file system

Setting up an encrypted file system

This article was written by Niklas Saers

I had long been hearing from my Linux using friends about their different encrypted
filesystems and wanted one for FreeBSD.  The reasons for this are many: I have copies
of all my emails and mails from the golden BBS days until now with the exception of a few
harddrive crashes, and I wouldn’t want whoever to read this.  I also find encryption
interesting and I would see how this worked performancewise.  Although there are no
encrypted file systems in the kernel, I found one in ports/security.  
This file system is really a RPC server for the NFS protocol.  It uses 3DES by
default but has other forms of encryption available as well.  However, for this
introduction we’ll stick with the standard.

First of all, use su to become root
and install the port security/cfs. A simple:

cd /usr/ports/security/cfs && make install clean

should do the trick.  If you for some reason don’t use ports, you can fetch the
package from

The next step is setting up the daemon.  cfs requires an entry in /etc/exports
for emulating NFS, and the cfsd attaches encrypted directories to this mounted
NFS.  Since it only needs some directory and you’re only going to allow your own
computer to access this, insert the following line to /etc/exports (create /etc/exports
with this line only if you don’t have one already) :

/var/tmp localhost

All right. If you do not have NFS up and running already, we’re going to have to start
the portmap and the mountd d

6 thoughts on “Setting up an encrypted file system”

  1. I would like to say that after having RTFM (or this howto) i was able to set up a totally (locally safe) server without having any fears of my ISP taking my servers (for any reasons) and using data on it.

  2. Hey!
    Great article.
    Quick and easy and right to the point.

    Here’s a little script I wrote to connect to my private cfs.
    Call it what you want and place it in your $HOME/bin.

    case "$1" in
    /usr/local/bin/cattach -t 15 $HOME/.private .private
    /usr/local/bin/cdetach .private
    echo "Usage: `basename $0` [-m|-u]" >&2

    exit 0

    As for the test result:

    Crypted fs:
    Fri Feb 8 20:06:32 CET 2002
    100000+0 records in
    100000+0 records out
    51200000 bytes transferred in 61.063670 secs (838469 bytes/sec)
    Fri Feb 8 20:07:33 CET 2002

    !crypted fs:
    Fri Feb 8 20:07:39 CET 2002
    100000+0 records in
    100000+0 records out
    51200000 bytes transferred in 4.019759 secs (12737082 bytes/sec)
    Fri Feb 8 20:07:43 CET 2002

    Don’t know why the speed is so slow on the cfs..


Leave a Comment

Scroll to Top