TODO - add additional notes
(on Wikipedia)
https://www.ecryptfs.org/
A cryptographic filesystem.
A fantastic concept and program which I used heavily for a long time across multiple Linux distributions.
Be aware that attacks on people, hardware and implementation are the go-to methods for defeating encryption. Some points:
- A legal or physical threat, lies and other social engineering.
- A hardware or software keylogger. Are you typing your password on a keyboard and computer you control?
eCryptfs-mount.sh is my helper script.
- https://help.ubuntu.com/community/EncryptedPrivateDirectory
- https://tombuntu.com/index.php/2008/08/07/create-an-encrypted-private-directory-with-ecryptfs/
- https://wiki.archlinux.org/title/ECryptfs (was https://wiki.archlinux.org/index.php/ECryptfs)
- https://verb.fyi/2010/11/05/ecryptfs-mount-options/
- https://help.ubuntu.com/lts/serverguide/ecryptfs.html
- https://web.archive.org/web/20161205094259/http://www.kaijanmaki.net:80/2009/10/26/recovering-files-from-ecryptfs-encrypted-home/
TODO - Where the fnek is the fnek signature stored?
- 2016-03-28 - 108 on Slackware 14.1
- 2016-03-26 - 104 on Lubuntu 14.04.4 LTS
- 2015-05-15 - 7.0.8 on Slackel 6.0.3 "Live Openbox"
- 2015-05-08 - 7.0.8 on Slax 7.0.8
2016-03-28 - 108
This is not available via slpkg, so I ended up installing it using alien.
I found eCryptfs via Ubuntu thanks to pkgs.org/search/ecryptfs
Installation
1. Install slpkg
2. Install alien
slpkg -s sbo alien
3. Get/install ecryptfs-utils
I got it from pkgs.org/ubuntu-15.10/ubuntu-main-i386/ecryptfs-utils_108-0ubuntu1_i386.deb.html
\wget -c archive.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_108-0ubuntu1_i386.deb
\alien ecryptfs-utils_108-0ubuntu1_i386.deb -t
\installpkg ecryptfs-utils-108.tgz
I guess everything else was included with my default installation of Slackware 14.1, because I only needed libecryptfs1 (see below).
gettext-base keyutils libc6 (>= 2.8) libecryptfs1 (>= 104-0ubuntu1) libkeyutils1 (>= 1.4) libnss3-1d libpam0g (>= 0.99.7.1) libpam-runtime (>= 1.0.1-6)
4. Get/install libecryptfs1
pkgs.org/ubuntu-15.10/ubuntu-main-i386/libecryptfs1_108-0ubuntu1_i386.deb.html
\wget -c archive.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs1_108-0ubuntu1_i386.deb
\alien libecryptfs1_108-0ubuntu1_i386.deb -t
\installpkg libecryptfs1-108.tgz
2016-03-26 - 104
104-0ubuntu1.14.04.4
I think I originally had this installed via a third-party repository.
Some time recently, I had some more silent data corruption. It could be this, or it could be Btrfs.
2015-05-15 - 7.0.8
32bit
(unknown)
wget -c ftp://ftp.linux.cz/pub/linux/slackware/slackware-current/slackware/l/keyutils-1.5.5-i486-1.txz
Though I can get a 32bit LiveUSB working, I cannot find a 32bit ecryptfs package.
x86_64
Tested and works, including testing eCryptfs itself.
\wget -c www.slackers.it/repository/ecryptfs-utils/ecryptfs-utils-106-x86_64-1cf.txz
\wget -c ftp://ftp.linux.cz/pub/linux/slackware/slackware64-14.0/slackware64/l/keyutils-1.5.5-x86_64-1.txz
\sudo \installpkg ecryptfs-utils-106-x86_64-1cf.txz
\sudo \installpkg keyutils-1.5.5-x86_64-1.txz
2015-05-08 - 7.0.8
32 bit
(unknown)
x86_64
Tested and works. Also tested the actual encryption, which also works.
\wget -c www.slackers.it/repository/ecryptfs-utils/ecryptfs-utils-106-x86_64-1cf.txz
\wget -c ftp://ftp.linux.cz/pub/linux/slackware/slackware64-14.0/slackware64/l/keyutils-1.5.5-x86_64-1.txz
\txz2sb ecryptfs-utils-106-x86_64-1cf.txz
\txz2sb keyutils-1.5.5-x86_64-1.txz
\slax activate ecryptfs-utils-106-x86_64-1cf.sb
\slax activate keyutils-1.5.5-x86_64-1.sb
Notes
Both encrypted and unencrypted data
eCryptfs-mount.sh foo
\echo encrypted>foo/enc.txt
\sudo \umount foo
\echo unencrypted>foo/unenc.txt
eCryptfs-mount.sh foo
Looking inside the now-unencrypted directory "foo" will show the encrypted and unencrypted files side-by-side. However, "unenc.txt" will not be readable at this time. "foo" would have to be unmounted for "unenc.txt" to become readable again. Interesting.
Learn to use a file thingy?:
- use both a file and a keyphrase?
- back up the file onto redundant usb drives
- keep one of the usb sticks in a more secure location?
"no space left on device"
can be caused by bad filenames being copied into the eCryptfs volume. Confirmed:
- A leading space
- .rus filenames -- presumably any significant amount of extended characters.
- .jap seems to be ok, or these filenames were short enough.
- other languages untested
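A pre-copy check for the filename problems listed above, as an added example that is not part of the original notes. It assumes the commonly cited 143-byte limit on filenames when eCryptfs filename encryption is enabled; `check_names` and `ECRYPTFS_NAME_MAX` are names made up for this sketch.

```shell
#!/bin/sh
# Added example: flag filenames likely to fail when copied into eCryptfs.
# ASSUMPTION: 143 bytes is the usable name length with filename encryption
# enabled; override ECRYPTFS_NAME_MAX in the environment if yours differs.
ECRYPTFS_NAME_MAX="${ECRYPTFS_NAME_MAX:-143}"

# check_names DIR
# Prints one line per flagged entry: "<reason><TAB><path>".
# Returns 0 when nothing is flagged, 1 otherwise.
check_names() {
    src=$1
    out=$(find "$src" -mindepth 1 -exec sh -c '
        max=$1; shift
        for path in "$@"; do
            name=${path##*/}
            # Count bytes, not characters: UTF-8 Cyrillic uses 2 bytes
            # per letter, so an 80-letter name is already 160 bytes.
            bytes=$(( $(printf %s "$name" | LC_ALL=C wc -c) ))
            case $name in
                " "*) printf "leading-space\t%s\n" "$path" ;;
            esac
            if [ "$bytes" -gt "$max" ]; then
                printf "too-long(%d bytes)\t%s\n" "$bytes" "$path"
            fi
        done
    ' sh "$ECRYPTFS_NAME_MAX" {} +)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Stand-alone use: ./check-names.sh /path/to/source
if [ $# -gt 0 ]; then
    check_names "$1"
fi
```

Run it against the source directory before copying; rename anything it lists, then copy into the mounted volume.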
Last updated 2021-05-05 at 01:06:02