eCryptfs is a kernel-native cryptographic filesystem. It's also a stacked filesystem: eCryptfs must work on top of another filesystem such as Ext3. This means that you don't need to allocate space for eCryptfs; it will grow and shrink as you add files to it.
eCryptfs will be used in Ubuntu 8.10 to provide an encrypted private directory for every user. I set up my own private directory in Ubuntu 8.04. It's not a user-friendly solution like it will be in the next version of Ubuntu, but it's not too difficult to simplify mounting and unmounting with some launchers.
Install eCryptfs from the package ecryptfs-utils, or by running the command below in your terminal:
sudo apt-get install ecryptfs-utils
Create a new directory to encrypt. I used a directory called Private in my home folder:
You don't want other users on your system snooping on your Private directory, so change its permissions to deny access to anyone but your user:
chmod 700 ~/Private
Mount a new eCryptfs filesystem in your new folder:
sudo mount -t ecryptfs ~/Private ~/Private
You'll be asked some questions by eCryptfs. I selected to use a passphrase, the default AES encryption, and 16-byte key length. Notice the defaults, indicated in square brackets, if you're not sure about an option. (If you're wondering about the "plaintext passthrough" option like I was, it allows non-encrypted files to be used inside the mount. I selected to turn this off.) eCryptfs will notice that this is the first time you have used your passphrase, and will ask if it can save a hash so it doesn't have to warn you every time.
Once the mount finishes, try adding some files to your encrypted folder. Unmount the encrypted folder to secure it:
sudo umount ~/Private
If you open the Private directory now, you'll still see all the filenames. But opening a file will reveal that its contents are encrypted. I examined my test plain text file in a hex editor, and it certainly looks encrypted:
Remounting the Private directory can be done with the same mount command we used before. However, you'll still be asked for the key type, your passphrase, the cipher, and the key length. Who wants to remember all of that and enter it every time?
You can avoid this by providing some options with the mount command. This mount command specifies enough options that you should only be prompted for your passphrase:
sudo mount -t ecryptfs ~/Private ~/Private -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n
Want to streamline mounting and unmounting your private directory? In Ubuntu 8.10 all of this will be done automatically when you log in and out. Until then, I just created two simple launchers in GNOME, one for mounting and one for unmounting my private directory.
Create a new launcher by right-clicking on your desktop and selecting Create Launcher. Change the type to Application in Terminal. Paste in the command you're using to either mount or unmount. If you're using a tilde (~) character in your commands to refer to your home directory, you need to specify the whole path instead if you're using sudo. (It seems that using a GNOME launcher with sudo will cause a tilde to point to root's home. In a normal terminal it would point to your own home.)
These launchers should open a terminal, take any input needed, close the terminal, and perform the eCryptfs mount/unmount.
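The launcher commands above can be generated and checked with a small helper script. This is an added example, not part of the original post: it prints the mount and unmount commands with an absolute path (avoiding the tilde problem under sudo), verifies that the directory is still mode 700, and reads the mount table to report whether the decrypted view is currently mounted. PRIVATE_DIR and all function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; names here are assumptions.
# Absolute path: the post notes ~ can resolve to root's home in a sudo launcher.
PRIVATE_DIR="${PRIVATE_DIR:-$HOME/Private}"

# Mount options from the post's non-interactive mount command.
ecryptfs_opts() {
    printf '%s' 'key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n'
}

# True if directory $1 is an active ecryptfs mount point according to the
# mount table in $2 (default /proc/mounts). Paths containing spaces are
# escaped in that table and are not handled here.
is_ecryptfs_mounted() {
    awk -v dir="$1" '$2 == dir && $3 == "ecryptfs" { found = 1 }
                     END { exit !found }' "${2:-/proc/mounts}"
}

# True if $1 is a directory with mode 700 (owner-only), as set by chmod 700.
is_owner_only() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        drwx------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print the command line to paste into a launcher for "mount" or "umount".
launcher_cmd() {
    case "$1" in
        mount)  printf 'sudo mount -t ecryptfs %s %s -o %s\n' \
                    "$PRIVATE_DIR" "$PRIVATE_DIR" "$(ecryptfs_opts)" ;;
        umount) printf 'sudo umount %s\n' "$PRIVATE_DIR" ;;
        *)      return 2 ;;
    esac
}

# Report state: "mounted" means the plaintext view is currently readable.
private_status() {
    is_owner_only "$PRIVATE_DIR" || echo "warning: $PRIVATE_DIR is not mode 700" >&2
    if is_ecryptfs_mounted "$PRIVATE_DIR" "${1:-/proc/mounts}"; then
        echo mounted
    else
        echo unmounted
    fi
}

case "${1:-}" in status) private_status ;; mount|umount) launcher_cmd "$1" ;; esac
```

Run it with the argument status before walking away from the machine, or with mount or umount to print the exact command for a launcher.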