Författare:
Per Stenebo
Skapad:
2014-08-07 20:49:45
Ändrad:
2021-04-11 06:56:17
sv

Kryptering i Ubuntu

wiki.archlinux.org//ECryptfs | serverguide | ecryptfs man pagemount.ecryptfs_private man pageecryptfs-add-passphrase man page |

Encryption of a directory (not a whole partition)

The following will create the directory /opt/ENCRYPTED for encrypted content and /mnt/DECRYPTED will hold the decrypted content. That pair will be called ALIAS and the details will be stored in /home/$USER/.ecryptfs/ALIAS.conf.

You should obviously modify /opt/ENCRYPTED, /mnt/DECRYPTED, ALIAS and /home/$USER/.ecryptfs to suit your situation. You should know that mount.ecryptfs_private expect to find the details under $HOME/.ecryptfs/ where $HOME is your home directory. /opt/ENCRYPTED and /mnt/DECRYPTED can be just about anywhere.

This process can be improved to use related tools like mount.ecryptfs and ecryptfs-wrap-passphrase, please do comment below when you find better solutions.

This is tested on Ubuntu 14.04 server edition.

Setup

apt install ecryptfs-utils

Create the directory to hold the details ($USER will be translated to the username of the current user):

mkdir /home/$USER/.ecryptfs

Write the details to a file inte new dir:

echo "/opt/ENCRYPTED /mnt/DECRYPTED ecryptfs" > /home/$USER/.ecryptfs/ALIAS.conf

A mount passphrase must be added to the keyring:

ecryptfs-add-passphrase

Write the output signature (ecryptfs_sig) from the previous command to /home/$USER/.ecryptfs/ALIAS.sig:

echo a3d89dcccbf268aa > /home/$USER/.ecryptfs/ALIAS.sig

A second passphrase for filename encryption may be used. If you choose so, add it to the keyring:

ecryptfs-add-passphrase

If you run the command above, append its output signature (ecryptfs_fnek_sig) to /home/$USER/.ecryptfs/ALIAS.sig:
 
echo f201a3a93968225e >> /home/$USER/.ecryptfs/ALIAS.sig

Finally, to mount /opt/ENCRYPTED on /mnt/DECRYPTED:

mount.ecryptfs_private ALIAS

 

Mount/unmount

To unmount /mnt/DECRYPTED:

umount.ecryptfs_private ALIAS

Mount after umount (or reboot):

ecryptfs-add-passphrase (1st passphrase)

ecryptfs-add-passphrase (2nd passphrase, if used)

mount.ecryptfs_private ALIAS

 

Kryptering av hel partition med LUKS och cryptsetup

| HowTo på NixCraft

Innan avstängning

Avmontera och stäng krypterad partition:

sudo umount /mnt/bup

sudo cryptsetup luksClose bup

Efter (om)start

Om den krypterade partitionen ligger på en extern enhet kan det vara bra att kolla var den hamnat med:

sudo fdisk -l

Öppna och montera krypterad partition, här fanns den på /dev/sda1, lösenord (Solhaga gamla admin/root) kommer att efterfrågas:

sudo cryptsetup luksOpen /dev/sda1 bup

sudo mount /dev/mapper/bup /mnt/bup

 

Kommentarer till sidan Kryptering