ECryptfs

From Sabayon Wiki
Revision as of 13:21, 18 February 2013 by Dyonisos

Work in Progress

Summary

eCryptfs is a file system that lets you encrypt files and folders. The main advantage of eCryptfs is that you don't have to encrypt whole partitions. Instead, you can define a folder on the local file system to be mounted with the eCryptfs file system. All data stored in a folder that is mounted with eCryptfs is encrypted immediately.

Creating a private folder using eCryptfs

Here I will describe how to create a private (encrypted) folder within your $HOME directory. To start, we need to install the 'ecryptfs-utils' package.

 # equo install ecryptfs-utils 

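eCryptfs comes with predefined scripts to set up a private directory. The prerequisite is that the group 'ecryptfs' exists and that the user who executes the script is a member of this group. The '-a' option appends the group to the user's existing supplementary groups; without it, 'usermod -G' replaces them.

 # groupadd ecryptfs 
 # usermod -a -G ecryptfs <username> 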

After this is done, we can run the setup script as the user:

 $ ecryptfs-setup-private 

The output should look like this:

Enter your login passphrase [<username>]: 
Enter your mount passphrase [leave blank to generate one]: 

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************


Done configuring.

Testing mount/write/umount/read...
Inserted auth tok with sig [e92ed746d5b6af67] into the user session keyring
Inserted auth tok with sig [e5194342fe7d8bf5] into the user session keyring
Inserted auth tok with sig [e92ed332d5b6af67] into the user session keyring
Inserted auth tok with sig [e5948744fe7d8bf5] into the user session keyring
Testing succeeded.

Logout, and log back in to begin using your encrypted directory.

After the setup has completed successfully, you will find the new directories '.Private' and 'Private' in your $HOME. The '.Private' directory contains the encrypted files and is mounted into the 'Private' directory. The setup script creates a shortcut to mount the '.Private' directory and a README file. If these files are present in 'Private', the encrypted directory is not mounted yet, so we have to mount it before we can store our files encrypted. To do that, we execute the following command:

 $ ecryptfs-mount-private 

Now all the files and folders we create in the 'Private' folder are encrypted immediately.
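
A scripted version of the "is it mounted yet?" check described above, as an added example that is not part of the original wiki page: it reads the kernel mount table instead of looking for the shortcut and README, and refuses to copy a file into 'Private' unless eCryptfs is mounted there. The function names and the optional mounts-file argument (which defaults to /proc/mounts) are assumptions of this example.

```shell
#!/bin/sh
# Added example: only write into ~/Private when eCryptfs is really mounted.

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Returns 0 if DIR is listed as an ecryptfs mount point in MOUNTS_FILE
# (default /proc/mounts), 1 otherwise.
is_ecryptfs_mounted() {
    dir=${1%/}                       # ignore one trailing slash
    mounts=${2:-/proc/mounts}
    [ -r "$mounts" ] || return 1
    # Mount table fields: source mountpoint fstype options dump pass.
    # The kernel writes spaces inside paths as the escape \040.
    while read -r src mnt fstype rest; do
        mnt=$(printf '%s' "$mnt" | sed 's/\\040/ /g')
        if [ "$fstype" = "ecryptfs" ] && [ "$mnt" = "$dir" ]; then
            return 0
        fi
    done < "$mounts"
    return 1
}

# store_private FILE DIR [MOUNTS_FILE]
# Copies FILE into DIR only when DIR is an active eCryptfs mount, so the
# file cannot end up unencrypted in the bare mount-point directory.
store_private() {
    if ! is_ecryptfs_mounted "$2" "${3:-/proc/mounts}"; then
        echo "refusing: $2 is not an eCryptfs mount (run ecryptfs-mount-private)" >&2
        return 1
    fi
    cp -- "$1" "$2/"
}
```

Source the file and call, for example, `store_private notes.txt "$HOME/Private"` from backup or export scripts that must never leave plaintext outside the encrypted folder.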

You can add 'ecryptfs-mount-private' to your autostart options so that the private folder is mounted on login. In some cases it is necessary to make the script '/usr/bin/ecryptfs-mount-private' suid root so that a normal user is able to mount the private folder.