This document is obsolete; see http://doc.nethence.com/ instead.

FreeBSD gbde (GEOM based disk encryption) configuration 

 

FreeBSD configuration : http://pbraun.nethence.com/doc/sysutils_bsd/freebsd.html 

 

 

Configuration 

Load the kernel module,

kldload geom_bde

Note. Alternatively, recompile your kernel with "options GEOM_BDE" in its configuration.

fdisk ad4
disklabel ad4s1
mkdir -p /etc/gbde
gbde init /dev/ad4s1e -i -L /etc/gbde/ad4s1e.lock

The -i option opens an editor on the configuration template; edit it like,

sector_size     =       2048
number_of_keys  =       1
#random_flush    =       yes

Note. random_flush takes too much time to initialize. You need to comment it out to disable it.

Check that the lock file was created,

ll /etc/gbde/

 

Attach the cryptographic disk and create the filesystem, 

gbde attach /dev/ad4s1e -l /etc/gbde/ad4s1e.lock
ll /dev/ad4*

Note. You should see "ad4s1e.bde" in the listing.

newfs -U -O2 /dev/ad4s1e.bde

Configure this filesystem,

mkdir -p /data
vi /etc/fstab

like, 

/dev/ad4s1e.bde         /data           ufs     rw,noauto       0       0

Mount it,

mount /data

 

 

Usage 

Mount it, 

kldload geom_bde
gbde attach /dev/ad4s1e -l /etc/gbde/ad4s1e.lock
fsck_ufs -C /dev/ad4s1e.bde
mount /data

Note. The -C option makes fsck_ufs skip the check when the file system is already marked clean.

 

Unmount it, 

#/etc/rc.d/samba stop
umount /data
gbde detach /dev/ad4s1e
kldunload geom_bde
#/etc/rc.d/samba start
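
The two Usage sequences above as a wrapper that stops at the first failing step and checks that the cleartext device node is gone after detach. This is an added example, not part of the original page; the function names, variable names and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Variable names, function names
# and the DRY_RUN switch are illustrative assumptions.
DEV=${DEV:-/dev/ad4s1e}              # encrypted partition
LOCK=${LOCK:-/etc/gbde/ad4s1e.lock}  # lock file written by "gbde init -L"
MNT=${MNT:-/data}                    # mount point from /etc/fstab
DRY_RUN=${DRY_RUN:-0}                # 1 = print commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

bde_mount() {
    # attach cannot succeed without the lock file, so fail before touching anything
    if [ ! -r "$LOCK" ]; then
        echo "lock file $LOCK not readable" >&2
        return 1
    fi
    # kldload errors if geom_bde is already loaded or built into the kernel;
    # a genuinely missing module shows up as a failure of gbde attach below
    run kldload geom_bde 2>/dev/null || true
    run gbde attach "$DEV" -l "$LOCK" || return 1   # prompts for the passphrase
    # never mount a file system that fails its check
    run fsck_ufs -C "$DEV.bde" || return 1
    run mount "$MNT"
}

bde_umount() {
    # a busy file system makes umount fail; stop there rather than detach under it
    run umount "$MNT" || return 1
    run gbde detach "$DEV" || return 1
    # postcondition: the cleartext node must be gone, otherwise the data is
    # still readable without the passphrase
    if [ -e "$DEV.bde" ]; then
        echo "$DEV.bde still present after detach" >&2
        return 1
    fi
    run kldunload geom_bde 2>/dev/null || true
}
```

Source the file and call bde_mount or bde_umount as root; set DRY_RUN=1 first to see the command sequence without running it.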

 

 

References 

Encrypting Disk Partitions : http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html 

Building and Installing a Custom Kernel : http://www.freebsd.org/doc/en/books/handbook/kernelconfig-building.html 

Setting up an encrypted file system : http://www.freebsddiary.org/encrypted-fs.php 

VNcrypt project homepage : http://vncrypt.sourceforge.net/