this is obsolete doc -- see instead

NetBSD CGD (CryptoGraphic Disk driver) 



Kernel configuration 

Your NetBSD kernel needs to have this, 

pseudo-device   cgd     4       # cryptographic disk driver

It's activated by default : 



Create the cryptographic disk 

Create the parameter file, give some password, disklabel and format it, 

cd /etc/cgd/
ls -l
cgdconfig -g -V disklabel aes-cbc 256 > wd1a # this takes some time
cgdconfig -V re-enter cgd0 /dev/wd1a wd1a
disklabel -e -I cgd0
newfs /dev/rcgd0a


If it's a virtual disk, 

cgdconfig -g -V disklabel aes-cbc 256 > /etc/cgd/vnd0d
cgdconfig -V re-enter cgd0 /dev/vnd0d /etc/cgd/vnd0d



Mount the cryptographic disk 

Configure the cryptographic disk, 

cgdconfig -V none cgd0 /dev/wd1a
mount /dev/cgd0a /mnt

Note you could add /etc/cgd/wd1a as additional argument to cgdconfig (defaults to device name) 



If it's a virtual disk do this first, 

vnconfig vnd0 image.vdisk
cgdconfig -V none cgd0 /dev/vnd0d



Unmount the cryptographic disk 

Like that, 

umount /mnt
cgdconfig -u cgd0


And if it's a virtual disk, 

vnconfig -u vnd0