very simple folder encryption with ecryptfs
Security

Sometimes you want to protect some of your files from unauthorized access. One option is to use a cryptographic filesystem like ecryptfs.

"eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux."

from https://launchpad.net/ecryptfs

 

How does it work?

It is really simple. Because ecryptfs runs on top of standard local filesystems (e.g. ext3, JFS, XFS, ReiserFS), you don't have to create a separate filesystem for your encrypted files. All you have to do is mount an ecryptfs filesystem on a new folder.

Step 1: Requirements


Linux kernel versions 2.6.19 and later have eCryptfs support. There are also some experimental backports,

Step 2: Installation

All you have to do is install the ecryptfs-utils package. Because I use Fedora, I will install it using yum:

# yum install ecryptfs-utils

 

Step 3: Usage

Create a new folder in your home directory (or wherever you want it):

# mkdir -m 700 /home/mod/privat

The mode should be 700 so that nobody but your user can access the folder.

 

Now it's time to mount the ecryptfs filesystem:

[root@blackmod ~]# mount -t ecryptfs /home/mod/privat/ /home/mod/privat/
Select key type to use for newly created files:
1) passphrase
2) openssl
Selection: 1
Passphrase:
Verify Passphrase:
Cipher
1) AES-128
2) AES-192
3) AES-256
4) Blowfish
5) CAST5
6) Twofish
7) Triple-DES
8) CAST6
Selection [AES-128]: 1
Enable plaintext passthrough (y/n): n
Attempting to mount with the following options:
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_sig=e13878d01dfe87fb
Mounted eCryptfs
[root@blackmod ~]#

 

Now create a new file in your encrypted privat folder:

# echo "secret password: 23ewP==_" > /home/mod/privat/file.txt

and read it:

# cat /home/mod/privat/file.txt
secret password: 23ewP==_

 

Ok. Now unmount the filesystem and read it again:

# umount /home/mod/privat/
# cat /home/mod/privat/file.txt
?????
R ?"3DUfw`?{&??L??????_CONSOLE?8x?????e?AF??+??
?K?!??????
S?[?}?E9?c?????7??WlB?p1!G4???1?}???
{??n,???f4??`?

(...)

 

As you can see, the data is no longer readable once the ecryptfs filesystem is unmounted. To read and write to the private folder again, you have to mount it again. Because that's a bit painful, I recommend creating a wrapper script around it:

 

# vi /usr/local/bin/mountecryptfs.sh

 

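#!/bin/bash
# Mount the encrypted folder on top of itself with the options chosen above.
# No passphrase is stored here, so mount still prompts for it.
mount -t ecryptfs /home/mod/privat /home/mod/privat -o key=passphrase,cipher=aes,ecryptfs_key_bytes=16,passthrough=n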

# chmod 700 /usr/local/bin/mountecryptfs.sh
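
While the folder is unmounted, anything written to /home/mod/privat lands on the underlying filesystem unencrypted. The following is an added example, not part of the original article: a guard that checks the mount table before writing. The function names is_ecryptfs_mounted and write_secret are made up for this illustration, and the optional mounts-file argument exists only so the check can be tried against a constructed table instead of /proc/mounts.

```bash
#!/bin/bash
# Added example (not from the original article): refuse to write into the
# folder unless eCryptfs is currently mounted on it.

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Succeeds only if the topmost mount on DIR has filesystem type "ecryptfs".
# MOUNTS_FILE defaults to /proc/mounts.
is_ecryptfs_mounted() {
    local dir mounts want found src target fstype rest
    dir="${1%/}"                      # accept /home/mod/privat/ as well
    mounts="${2:-/proc/mounts}"
    [ -n "$dir" ] || return 2         # empty argument (or "/"): nothing to check
    # /proc/mounts writes a space in a path as \040, so encode DIR the same way
    want=$(printf '%s' "$dir" | sed 's/ /\\040/g')
    found=""
    while read -r src target fstype rest; do
        # later lines are mounted on top of earlier ones: the last match wins
        if [ "$target" = "$want" ]; then
            found="$fstype"
        fi
    done < "$mounts"
    [ "$found" = "ecryptfs" ]
}

# write_secret DIR NAME [MOUNTS_FILE]
# Stores stdin as DIR/NAME, but only while DIR is an eCryptfs mount. If the
# folder is unmounted the write is refused, so the data never reaches the
# lower filesystem in plaintext.
write_secret() {
    local dir name mounts
    dir="${1%/}"; name="$2"; mounts="${3:-/proc/mounts}"
    if ! is_ecryptfs_mounted "$dir" "$mounts"; then
        echo "refusing to write: $dir is not an eCryptfs mount" >&2
        return 1
    fi
    # umask 077 keeps the new file private, like the 700 folder mode above
    ( umask 077 && cat > "$dir/$name" )
}

# Typical use in a script:
#   is_ecryptfs_mounted /home/mod/privat || /usr/local/bin/mountecryptfs.sh
#   echo "some secret" | write_secret /home/mod/privat file.txt
```
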
