On Sun, Jun 11, 2017 at 09:27:25PM +0530, Mayuresh wrote: > On Sun, Jun 11, 2017 at 04:32:02PM +0200, Kamil Rytarowski wrote: > > > - Can the native cgd of NetBSD be used for the purpose of encrypted > > > backup? Basically can I mount such filesystem in a way that it shows > > > encrypted files? > > > > > > > I use cgd(4) devices for encrypted backup. > > Ok, you mean, I can mount it such that it shows encrypted files?
cgd is an encrypted disk, not a file system. I encrypts/decrypts disk blocks when reading/writing, it does not know about files at all. I have used cgd for remote encrypted backups in the past: - remote offers a "partition" as iscsi device - via iscsi the remote partition shows up as (say) sd0 on my machine - I (locally) configure cgd to use sd0c (or sd0d) - all crypto setup stays local, remote has no way to decrypt the data - when doing a backup I bring up iscsi, configure cgd, mount the cgd disk and rsync all changes over, then unconfigre cgd and disconnect iscssi In my case it was a company setup, I had to comply with "need to have automatic backups at *this* facility" policy, but I did not trust admis at that facility. I kept a printout of the cgd setup in a off-site safe. There are certainly various other ways to do something similar. Martin