TODO - add additional notes
A cryptographic filesystem.
An absolutely mandatory concept and program.
Be aware that attacks on people, hardware and implementation are the go-to methods for defeating encryption. Some points:
- A legal or physical threat, lies and other social engineering.
- A hardware or software keylogger. Are you typing your password on a keyboard and computer you control?
eCryptfs-mount.sh is my helper script
TODO - Where the fnek is the fnek signature stored?
- 2016-03-28 - 108 on Slackware 14.1
- 2016-03-26 - 104 on Lubuntu 14.04.4 LTS
- 2015-05-15 - 7.0.8 on Slackel 6.0.3 "Live Openbox"
2016-03-28 - 108 ∞
I found eCryptfs via Ubuntu thanks to http://pkgs.org/search/ecryptfs
1. Install slpkg
2. Install alien
slpkg -s sbo alien
\wget -c http://archive.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/ecryptfs-utils_108-0ubuntu1_i386.deb \alien ecryptfs-utils_108-0ubuntu1_i386.deb -t \installpkg ecryptfs-utils-108.tgz
\wget -c http://archive.ubuntu.com/ubuntu/pool/main/e/ecryptfs-utils/libecryptfs1_108-0ubuntu1_i386.deb \alien libecryptfs1_108-0ubuntu1_i386.deb -t \installpkg libecryptfs1-108.tgz
2016-03-26 - 104 ∞
I think I originally had this installed via a third-party repository.
Some time recently, I had some more silent data corruption. It could be this, or it could be Btrfs.
2015-05-15 - 7.0.8 ∞
wget -c ftp://ftp.linux.cz/pub/linux/slackware/slackware-current/slackware/l/keyutils-1.5.5-i486-1.txz
Though I can get a 32bit LiveUSB working, I cannot find a 32bit ecryptfs package.
Tested and works, including testing eCryptfs itself.
\wget -c http://www.slackers.it/repository/ecryptfs-utils/ecryptfs-utils-106-x86_64-1cf.txz \wget -c ftp://ftp.linux.cz/pub/linux/slackware/slackware64-14.0/slackware64/l/keyutils-1.5.5-x86_64-1.txz \sudo \installpkg ecryptfs-utils-106-x86_64-1cf.txz \sudo \installpkg keyutils-1.5.5-x86_64-1.txz
2015-05-08 - 7.0.8 ∞
32 bit ∞
Tested and works. Also tested the actual encryption, which also works.
\wget -c http://www.slackers.it/repository/ecryptfs-utils/ecryptfs-utils-106-x86_64-1cf.txz \wget -c ftp://ftp.linux.cz/pub/linux/slackware/slackware64-14.0/slackware64/l/keyutils-1.5.5-x86_64-1.txz \txz2sb ecryptfs-utils-106-x86_64-1cf.txz \txz2sb keyutils-1.5.5-x86_64-1.txz \slax activate ecryptfs-utils-106-x86_64-1cf.sb \slax activate keyutils-1.5.5-x86_64-1.sb
Both encrypted and unencrypted data ∞
eCryptfs-mount.sh foo \echo encrypted>foo/enc.txt \sudo \umount foo \echo unencrypted>foo/unenc.txt eCryptfs-mount.sh foo
Looking inside the now-unencrypted directory "foo" will show the encrypted and unencrypted files side-by-side. However, "unenc.txt" will not be readable at this time. "foo" would have to be unmounted for "unenc.txt" to become readable again. Interesting.
Learn to use a file thingy?: ∞
- use both a file and a keyphrase?
back up the file onto redundant usb drives
- keep one of the usb sticks in a more secure location?
"no space left on device" ∞
can be caused by bad filenames being copied into the eCryptfs volume. Confirmed:
- A leading space
.rus filenames -- presumably any significant amount of extended characters.
- .jap seems to be ok, or these filenames were short enough.
- other languages untested