Comments on How To Encrypt Directories/Partitions With eCryptfs On Debian Squeeze

eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. You can use it to encrypt partitions and also directories that don't use a partition of their own, no matter the underlying filesystem, partition type, etc. This tutorial shows how to use eCryptfs to encrypt a directory on Debian Squeeze.

16 Comment(s)

Comments

By: Anonymous

Brilliant article.  Thanks a lot for this.

By: Rich

Does anyone use this for database partitions and how does it affect I/O performance?

Thanks

Rich

By: Anonymous

Hi,

Nicely explained... You can also encrypt your partitions using LUKS. It uses the dm-crypt module to do this. The cryptsetup utility can be used to encrypt your filesystems using AES encryption.

But there are limitations, like file-level encryption is not available, and a limit on the number of keys for accessing a block device, etc.

 http://www.slashroot.in/encrypting-linux-partition-using-luks

 Thanks..

By: Anonymous

Be careful if you back up files to the /tmp directory. The system will clean this /tmp directory automatically on every reboot.
 
But thank you for your excellent encrypting guide :)

By: Anonymous

Very good article, I now understand what an encrypted home directory really is.
Before, I thought it was a file, mounted as an encrypted file system with the loop flag.

By: Anonymous

Very helpful. Thank you.

By: Anonymous

Well, this is my next move. But I have to get rid of encfs first...

Thanks for sharing.

Giuseppe 

By: drjaymez

Great guide. I tweaked it by using my USB drive's UUID in /etc/fstab so that even if the drive /dev/sd* changes it will still work.

By: Mike Halcrow

Linux 4.1 will have native encryption in EXT4. Anyone currently stacking eCryptfs on EXT4 will want to look into using that instead.

By: ed

How did you get the UUID to update "/root/.ecryptfsrc" on boot?

By: aay

Commands for manual mounting via SSH console? Thanks

By: dont work

pi@raspberrypi:/usr/local/etc $ sudo mount -t ecryptfs /usr/local/etc/ /usr/local/etc/
Select key type to use for newly created files:
 1) passphrase
 2) tspi
Selection: 1
Passphrase:
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: 1
Select key bytes:
 1) 16
 2) 32
 3) 24
Selection [16]: 1
Enable plaintext passthrough (y/n) [n]: n
Enable filename encryption (y/n) [n]: n
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=634755cadcbd34e5
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [634755cadcbd34e5] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : yes
Successfully appended new sig to user sig cache file
Mounted eCryptfs
pi@raspberrypi:/usr/local/etc $ sudo nano
pi@raspberrypi:/usr/local/etc $ cat test2.txt
fdishfidsjfijdisfjisdjfijdisjfisdjfijsdifjisd
pi@raspberrypi:/usr/local/etc $ sudo umount /usr/local/etc/
Could not unlink the key(s) from your keying. Please use `keyctl unlink` if you wish to remove the key(s). Proceeding with umount.
pi@raspberrypi:/usr/local/etc $ cat test2.txt
fdishfidsjfijdisfjisdjfijdisjfisdjfijsdifjisd
pi@raspberrypi:/usr/local/etc $

 

Doesn't work. The file is not encrypted. On Raspberry. Mhhhh

By: till

Works fine on x86 computers, so maybe it's a Raspberry Pi-specific issue.

By: Mauricio

Excellent article. Works on Raspberry Pi also. A reboot is needed before the first time you mount or you will get this message:

---
Selection [16]: 
Error attempting to evaluate mount options: [-22] Invalid argument
Check your system logs for details on why this happened.
Try updating your ecryptfs-utils package, and/or
submit a bug report on https://bugs.launchpad.net/ecryptfs
---

TEST: -- /media/ext-orig is an external hd drive --

pi@raspberrypi:~ $ cp /etc/hosts /media/ext-orig/backup/
pi@raspberrypi:~ $ cat /media/ext-orig/backup/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.1.1 raspberrypi
pi@raspberrypi:~ $ sudo umount /media/ext-orig/backup
pi@raspberrypi:~ $ cat /media/ext-orig/ibm_backup/hosts
f
bi<5O]lJ4&GE@*_^lEBgXG>\5w98aj

and so on..

Thanks a lot!
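
Both Raspberry Pi reports above check the result by running cat on a file after umount. As an added example (not part of any comment or of the original tutorial), the script below makes that check repeatable by looking for the eCryptfs header marker in each lower file. The header layout and the constant 0x3c81b7f5 come from the Linux kernel's eCryptfs source; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that files in an unmounted eCryptfs lower directory
# carry the eCryptfs header marker. Header layout (kernel fs/ecryptfs):
# octets 0-7 = plaintext size, octets 8-15 = marker, where the second
# 32-bit word equals the first XOR 0x3c81b7f5.
ECRYPTFS_MAGIC=$((0x3c81b7f5))

# is_ecryptfs_file FILE -> 0 if marker present, 1 if absent, 2 if unreadable
is_ecryptfs_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    hex=$(od -An -tx1 -j8 -N8 "$1" 2>/dev/null | tr -d ' \n')
    [ "${#hex}" -eq 16 ] || return 1      # shorter than 16 bytes: no header
    m1=$((0x${hex%????????}))             # first big-endian word
    m2=$((0x${hex#????????}))             # second big-endian word
    [ $(( m1 ^ ECRYPTFS_MAGIC )) -eq "$m2" ]
}

# list_plaintext DIR -> prints regular files under DIR that lack the marker.
# A random 1-in-2^32 match is possible, so a hit means "looks like eCryptfs".
list_plaintext() {
    find "$1" -type f | sort | while IFS= read -r f; do
        is_ecryptfs_file "$f" || printf '%s\n' "$f"
    done
}

# make_samples DIR -> constructed test data, not real eCryptfs output
make_samples() {
    # 8-byte size field, marker words 0x11223344 and 0x2da384b1, then filler
    printf '\000\000\000\000\000\000\000\056\021\042\063\104\055\243\204\261filler' \
        > "$1/encrypted.bin"
    printf '127.0.0.1 localhost\n' > "$1/plain.txt"
    printf 'short' > "$1/tiny.txt"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "Files without an eCryptfs header in $demo_dir:"
list_plaintext "$demo_dir"
rm -rf "$demo_dir"
```

Run list_plaintext against the lower directory only after umount; while the filesystem is mounted, reads return decrypted data and every file will be listed.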

 

By: Justin

Hi, this has been a great help. Thank you for posting it! I do have one issue that I cannot seem to get past. On boot, it boots to emergency mode. If I simply press enter, it works just fine and goes into the UI. Is there any way to get around the emergency mode part and seamlessly go to the login?

By: ali

Thanks a lot.

I will test it on the weekend.