Per Stenebo
2014-08-07 20:49:45
2021-04-11 06:56:17
Encryption in Ubuntu
| wiki.archlinux.org//ECryptfs | serverguide | ecryptfs man page | mount.ecryptfs_private man page | ecryptfs-add-passphrase man page |
Encryption of a directory (not a whole partition)
The following will create the directory /opt/ENCRYPTED for encrypted content and /mnt/DECRYPTED will hold the decrypted content. That pair will be called ALIAS and the details will be stored in /home/$USER/.ecryptfs/ALIAS.conf.
You should obviously modify /opt/ENCRYPTED, /mnt/DECRYPTED, ALIAS and /home/$USER/.ecryptfs to suit your situation. Note that mount.ecryptfs_private expects to find the details under $HOME/.ecryptfs/, where $HOME is your home directory. /opt/ENCRYPTED and /mnt/DECRYPTED can be just about anywhere.
This process can be improved to use related tools like mount.ecryptfs and ecryptfs-wrap-passphrase; please comment below if you find better solutions.
This is tested on Ubuntu 14.04 server edition.
Setup
sudo apt install ecryptfs-utils
Create the directory to hold the details ($USER will be translated to the username of the current user):
mkdir /home/$USER/.ecryptfs
Write the details to a file in the new dir:
echo "/opt/ENCRYPTED /mnt/DECRYPTED ecryptfs" > /home/$USER/.ecryptfs/ALIAS.conf
A mount passphrase must be added to the keyring:
ecryptfs-add-passphrase
Write the output signature (ecryptfs_sig) from the previous command to /home/$USER/.ecryptfs/ALIAS.sig (the value below is a sample; use your own):
echo a3d89dcccbf268aa > /home/$USER/.ecryptfs/ALIAS.sig
A second passphrase for filename encryption may be used. If you choose to do so, add it to the keyring:
ecryptfs-add-passphrase
If you run the command above, append its output signature (ecryptfs_fnek_sig) to /home/$USER/.ecryptfs/ALIAS.sig:
echo f201a3a93968225e >> /home/$USER/.ecryptfs/ALIAS.sig
Finally, to mount /opt/ENCRYPTED on /mnt/DECRYPTED:
mount.ecryptfs_private ALIAS
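A pre-mount sanity check for the two files created above, as an added example that is not part of the original page or of ecryptfs-utils. `check_alias` is a hypothetical helper name, and the signature format (one or two lines of 16 lowercase hex digits) is assumed from the sample values shown here.

```shell
#!/bin/sh
# Added example: check_alias is a hypothetical helper, not part of ecryptfs-utils.
# Usage: check_alias CONFIG_DIR ALIAS   -> returns 0 if both files look valid
check_alias() {
    dir=$1; name=$2; rc=0
    conf="$dir/$name.conf"; sig="$dir/$name.sig"

    # .conf: exactly one non-empty line "/source /dest ecryptfs", absolute paths.
    if [ ! -r "$conf" ]; then
        echo "missing $conf" >&2; rc=1
    elif ! awk 'NF { n++
                     if (NF != 3 || $3 != "ecryptfs" || $1 !~ /^\// || $2 !~ /^\//) bad = 1 }
                END { exit (n == 1 && !bad) ? 0 : 1 }' "$conf"; then
        echo "$conf: expected one line: /source /dest ecryptfs" >&2; rc=1
    fi

    # .sig: ecryptfs_sig, optionally followed by ecryptfs_fnek_sig.
    # Assumption: each is 16 lowercase hex digits, as in the page's samples.
    if [ ! -r "$sig" ]; then
        echo "missing $sig" >&2; rc=1
    else
        total=$(grep -c '' "$sig" || true)
        good=$(grep -c -E '^[0-9a-f]{16}$' "$sig" || true)
        if [ "$total" -lt 1 ] || [ "$total" -gt 2 ] || [ "$good" -ne "$total" ]; then
            echo "$sig: expected 1 or 2 signature lines, found $good valid of $total" >&2; rc=1
        fi
    fi
    return "$rc"
}

# Constructed demo in a scratch directory, using the page's sample signatures.
demo_dir=$(mktemp -d)
echo "/opt/ENCRYPTED /mnt/DECRYPTED ecryptfs" > "$demo_dir/ALIAS.conf"
echo a3d89dcccbf268aa  > "$demo_dir/ALIAS.sig"
echo f201a3a93968225e >> "$demo_dir/ALIAS.sig"
check_alias "$demo_dir" ALIAS && echo "ALIAS.conf and ALIAS.sig look valid"
```

For the real setup, call it as `check_alias "$HOME/.ecryptfs" ALIAS` before running mount.ecryptfs_private. It checks file format only, not whether the signatures are currently in the keyring.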
Mount/unmount
To unmount /mnt/DECRYPTED:
umount.ecryptfs_private ALIAS
Mount after umount (or reboot):
ecryptfs-add-passphrase
(1st passphrase)
ecryptfs-add-passphrase
(2nd passphrase, if used)
mount.ecryptfs_private ALIAS
Encryption of a whole partition with LUKS and cryptsetup
Before shutdown
Unmount and close the encrypted partition:
sudo umount /mnt/bup
sudo cryptsetup luksClose bup
After (re)boot
If the encrypted partition is on an external device, it can be useful to check where it ended up with:
sudo fdisk -l
Open and mount the encrypted partition; here it was at /dev/sda1. The password (Solhaga old admin/root) will be requested:
sudo cryptsetup luksOpen /dev/sda1 bup
sudo mount /dev/mapper/bup /mnt/bup