this is obsolete doc -- see http://doc.nethence.com/ instead

NetBSD CGD (CryptoGraphic Disk driver) 

Kernel configuration 

Your NetBSD kernel needs to have this, 

pseudo-device   cgd     4       # cryptographic disk driver

It's activated by default : http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/arch/amd64/conf/GENERIC?rev=HEAD 

Create the cryptographic disk 

Create the parameter file, give some password, disklabel and format it, 

cd /etc/cgd/

ls -l

cgdconfig -g -V disklabel aes-cbc 256 > wd1a # this takes some time

cgdconfig -V re-enter cgd0 /dev/wd1a wd1a

disklabel -e -I cgd0

newfs /dev/rcgd0a

If it's a virtual disk, 

cgdconfig -g -V disklabel aes-cbc 256 > /etc/cgd/vnd0d

cgdconfig -V re-enter cgd0 /dev/vnd0d /etc/cgd/vnd0d

...

Mount the cryptographic disk 

Configure the cryptographic disk, 

cgdconfig -V none cgd0 /dev/wd1a

mount /dev/cgd0a /mnt

Note you could add /etc/cgd/wd1a as additional argument to cgdconfig (defaults to device name) 

If it's a virtual disk do this first, 

vnconfig vnd0 image.vdisk

cgdconfig -V none cgd0 /dev/vnd0d

...

Unmount the cryptographic disk 

Like that, 

umount /mnt

cgdconfig -u cgd0

And if it's a virtual disk, 

vnconfig -u vnd0

References 

http://www.netbsd.org/docs/guide/en/chap-cgd.html