# Inter-operable encrypted file-system with GNU/Linux



## Xylon (Mar 1, 2018)

Hi all.

I'm wanting to migrate some or all of my computers to FreeBSD to learn about this fascinating OS.

My servers are already done, but before I try a laptop, I am trying to work out how is the best way to have an encrypted flash-drive that's inter-operable between FreeBSD and GNU/Linux (FreeBSD 11.1 -- Debian 9)

What options do I have?

Thanks for any advice,
Joseph


----------



## ralphbsz (Mar 2, 2018)

TrueCrypt exists for both Linux and FreeBSD.  I have never tried it on either.  And I don't know for a fact that they would be interoperable.  But it would be a starting point.  Since TrueCrypt is not a file system, but an encrypted block device, you would have to them put a file system onto it that's compatible.  Since suggesting FAT and friends is insane: You could try ZFS (supposedly ZFS is on-disk-format compatible between FreeBSD and Linux), or use ext2 and the FreeBSD tools for it.

Completely different suggestion: Find a server somewhere.  Move the data to the server.  Then export the data using NFS (or Samba or whatever file system protocol du jour you enjoy).  Thereby reducing it to a problem previously ... screwed up by someone else (that's an in-joke I use for cases where you don't want to deal with something, and use a crappy solution which is better than having to do the right thing yourself).


----------



## vermaden (Mar 2, 2018)

The security/veracrypt is the new security/truecrypt and it should work between Linux, FreeBSD and Windows (do not remember if Mac too).


----------



## k.jacker (Mar 2, 2018)

If you just want to move some files here and there, I'd create a fat filesystem on a flash drive and then...
`tar -cf - my_file important_folder | openssl enc -aes256 -out /mnt/encrypted_data_file` (Idon't run any Linux but it's /media/something I think. You know it I'm sure)
You'll get asked to type a password and confirm.. Done...

Don't decrypt and untar on the fat filesystem or you will ruin file permissions...
`openssl enc -d -aes256 -in /mnt/encrypted_data_file -out /tmp/my_data.tar`
Now you can just untar your data on your FreeBSD laptop from /tmp/ to the desired destinations...
openssl(1)
enc(1)


----------



## ShelLuser (Mar 2, 2018)

In addition to what k.jacker said: why not simply create an encrypted filesystem image on the flash drive? Both Linux and FreeBSD support mounting such images, the only thing you'd need is a mutually understood filesystem. Probably ext2 or ext3, while the flash drive itself can remain on what it already is (probably FAT32 or a variant thereof?).

The advantage here would be that an unwanted 3rd party would only discover a blob; a meaningless file. So without knowing that it's an encrypted filesystem the file itself would be pretty meaningless.


----------



## Xylon (Mar 4, 2018)

Thanks for the suggestions! I'm gonna try veracrypt with ext2 on top and see how it goes.


----------

