NAS4Free can encrypt your hard drive (or RAID array) using the FreeBSD geom eli module. This feature will use a hardware crypto acceleration card if supported.
Warning: Creating an encrypted disk will erase ALL data on this disk.
You should configure the WebGUI to use HTTPS protocol before using this feature: The passphrase used for encrypting your disk must be protected when you send it to the WebGUI.
The encryption layer must take place between the hard drive (or RAID array) and the filesystem. The High-Level process flow for encrypting simple disk is:
The High-Level process flow for encrypting software RAID array is:
It’s not a mandatory step, but a highly recommended step before you create an encrypted volume: This will prevent transferring your passphrase in clear on the network.
In this example, I will use the disk ‘ad1’. After adding this disk on the disk management page:
You should obtain the following output:
Then click on ‘encryption’ menu and ‘save’:
When the Status is ‘attached’, then the Encrypted disk must be formatted.
Open the Disk:Format menu and choose the newly created Encrypted disk:
Leave the Type as UFS (GPT and Soft Updates), click the Format Disk button and confirm.
A display similar to this should be output:
Once the Encrypted volume is created and formatted, all that is left is to create the mount point.
From the Disk drop down, select the Encrypted disk. The Encrypted disk name you previously configured is visible.
Change the Partition to EFI-GPT
Enter a useful Share name and click the Add button.
The Status should display as configuring, and then click the Apply Changes button and the Status should update to UP:
Now you can use your encrypted disk. Try to put some files on it, and we will check the comportment after a reboot:
Reboot your NAS4Free server, and open the Disk/Mount Point page.
You should see an error because NAS4Free can’t mount this encrypted disk without the passphrase:
Now open the Disk/Encryption page
You should see this encrypted disk with the status ‘Not attached’:
You must enter your passphrase by opening the Disk/Encryption/Tools page:
Enter you Pass phrase, select command ‘attach’ and click on ‘Send Command!”
It should display:
Now the state of this disk should be ‘attached’:
And the mount point status should be ‘OK’ now: