From owner-freebsd-questions@FreeBSD.ORG  Thu Feb 27 03:59:37 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9A38CE9B
 for <freebsd-questions@freebsd.org>; Thu, 27 Feb 2014 03:59:37 +0000 (UTC)
Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 58CC61150
 for <freebsd-questions@freebsd.org>; Thu, 27 Feb 2014 03:59:37 +0000 (UTC)
Received: from r56.edvax.de (port-92-195-11-141.dynamic.qsc.de [92.195.11.141])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx02.qsc.de (Postfix) with ESMTPS id BF00527606
 for <freebsd-questions@freebsd.org>; Thu, 27 Feb 2014 04:59:28 +0100 (CET)
Received: from r56.edvax.de (localhost [127.0.0.1])
 by r56.edvax.de (8.14.5/8.14.5) with SMTP id s1R3x4rD001950
 for <freebsd-questions@freebsd.org>; Thu, 27 Feb 2014 04:59:04 +0100 (CET)
 (envelope-from freebsd@edvax.de)
Date: Thu, 27 Feb 2014 04:59:04 +0100
From: Polytropon <freebsd@edvax.de>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Simple disk encryption for off-site backup
Message-Id: <20140227045904.5ba67227.freebsd@edvax.de>
Organization: EDVAX
X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Polytropon <freebsd@edvax.de>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2014 03:59:37 -0000

I'm planning to add a new disk next month to my home setup.
It should be an external USB disk for off-site (really!)
backup. That's why I would like to see the content encrypted.
I have no problem with entering a long passphrase when mounting
the disk for backup or restore operations, and probably I would
not feel safe enough by just using keys (stored somewhere).
The file system will be UFS, so there is no need to worry that
some other OS or "Windows" would not be able to read it. :-)

My question is: What is the _easiest_ mechanism to initialize
a disk for encrypted use? It should work with FreeBSD 9 and 10
in the first place.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...