wiki:linux/Encryption/ecryptfs

cryptsetup, ecryptfs, encfs, gpg


Arch Wiki


Terms used by ecryptfs

wrapping passphrase: the passphrase used to encrypt the mountpass
mountpass: the mount passphrase, a kind of master password that is used to encrypt the files/directories

Install

# apt-get install ecryptfs-utils

Create encrypted directory

$ ecryptfs-setup-private --wrapping --noautomount

--wrapping: Don't use the user's login password as the wrapping passphrase.
--noautomount: Don't mount on login.

Mount (decrypt)/unmount (encrypt) directory

$ ecryptfs-mount-private
$ ecryptfs-umount-private

Encrypt files/directories e.g. from backup source

Create an encrypted directory with the same wrapping passphrase and mountpass that were used for the encrypted files. Copy the content of the backed-up .Private/ folder into the newly created .Private/ directory. Now you can mount it with the underlying passphrase.

$ ecryptfs-setup-private --wrapping --noautomount
$ cp -r /folder/to/backup/.Private/* ~/.Private/
$ ecryptfs-mount-private

Keep ecryptfs folder mounted

To prevent ecryptfs from unmounting the ~/Private directory at logout, remove ~/.ecryptfs/auto-umount:

$ rm ~/.ecryptfs/auto-umount

To recover the default behaviour create a ~/.ecryptfs/auto-umount file:

$ touch ~/.ecryptfs/auto-umount
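
With auto-umount removed, the decrypted ~/Private stays readable after logout, so it helps to check which state an account is in. The script below is an added example, not part of the original wiki page; the function names and verdict words are made up for illustration, and it assumes the default ~/Private mount point and the /proc/mounts line format.

```shell
#!/bin/sh
# Added example: report whether an ecryptfs Private directory is mounted and
# whether it will be unmounted at logout (presence of ~/.ecryptfs/auto-umount).

# is_private_mounted HOME MOUNTS_FILE
# Succeeds if MOUNTS_FILE (same columns as /proc/mounts) lists an ecryptfs
# mount on HOME/Private. Paths with spaces (escaped as \040) are not handled.
is_private_mounted() {
    awk -v mp="$1/Private" \
        '$2 == mp && $3 == "ecryptfs" { found = 1 } END { exit !found }' "$2"
}

# logout_exposure HOME [MOUNTS_FILE]
# Prints one verdict word (hypothetical names chosen for this example):
#   locked                 not mounted, auto-umount flag present
#   locked-no-auto-umount  not mounted, but the next mount will survive logout
#   unlocked-until-logout  mounted, auto-umount flag present
#   unlocked-persistent    mounted and flag missing: plaintext outlives the session
# Returns 1 for unlocked-persistent, 2 if the mount table is unreadable, else 0.
logout_exposure() {
    le_home=$1
    le_mounts=${2:-/proc/mounts}
    [ -r "$le_mounts" ] || { echo "error"; return 2; }

    le_flag=no
    [ -e "$le_home/.ecryptfs/auto-umount" ] && le_flag=yes

    if is_private_mounted "$le_home" "$le_mounts"; then
        if [ "$le_flag" = yes ]; then
            echo "unlocked-until-logout"
        else
            echo "unlocked-persistent"
            return 1
        fi
    elif [ "$le_flag" = yes ]; then
        echo "locked"
    else
        echo "locked-no-auto-umount"
    fi
    return 0
}

# Report for the current user against the live mount table.
logout_exposure "$HOME" /proc/mounts || echo "exit status $?" >&2
```

A non-zero exit status makes the check usable from cron or a login script on shared machines.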
Last modified on Mar 2, 2015, 3:30:34 PM