Hello everybody, I'm from FreeBSD and I wanted to give OpenBSD a (new) try.
I would like to have full disk encryption (as I've seen it's possible now with OpenBSD 5.5) and use a smart card to decrypt the volumes at boot, instead of having to type a password, which seems "less secure".

I read a lot of articles to see how it works using bioctl, but none talk about using a smart card as a keydisk, only a USB drive. If I understood correctly, when using "bioctl -k /path/of/RAID/keydisk", the key is created automatically and the encrypted RAID volume is associated with that "USB RAID partition keydisk". So the system can now boot only if the BIOS/UEFI finds that particular USB RAID partition.

My questions are:

1) How to do the same thing using a Smart Card instead of a USB drive?
2) Is it possible to "copy" the image of the USB key disk to a Smart Card (or inversely) to be able to boot using either the USB or the Smart Card?
3) If the Smart Card is used as a key disk to boot the system, is it possible to configure that same Smart Card to access my home computer using SSH? (As if it was ONLY possible to SSH to my computer using that Smart Card.)

Thank you very much for your help, I'm pretty new to these kinds of things.

Julien M