Mehdi Abaakouk, 02/06/2013 21:13
Ecryptfs
The root method
- Lets you choose the encrypted directory
- Uses a passphrase
- Does not depend on any external software
Configuration
Creating the directories:
# mkdir -m 500 -p mysecretdir
# mkdir -m 700 -p .mysecretdir
Initializing the encrypted directory:
# sudo mount -t ecryptfs -o no_sig_cache .mysecretdir mysecretdir
Passphrase: *your_passphrase*
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: *<enter>*
Select key bytes:
 1) 16
 2) 32
 3) 24
Selection [16]: *<enter>*
Enable plaintext passthrough (y/n) [n]: *<enter>*
Enable filename encryption (y/n) [n] : *y*
Filename Encryption Key (FNEK) Signature [XXXXXXXXXXXXXXXXXXX]: *<enter>*
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=XXXXXXXXXXXXXX
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=XXXXXXXXXXXXXX
Mounted eCryptfs
The chosen options can be saved in /etc/fstab as follows so that they are not requested again at every mount:
/home/sileht/.mysecretdir /home/sileht/mysecretdir ecryptfs noauto,ecryptfs_enable_filename_crypto=y,ecryptfs_unlink_sigs,ecryptfs_fnek_sig=XXXXXXXXXXXXXX,ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig=XXXXXXXXXXXXXX,ecryptfs_passthrough=no,no_sig_cache 0 0
Usage:
If it is not mounted:
# sudo mount mysecretdir
Then,
# echo "TEST" > mysecretdir/test
# sudo umount mysecretdir
# find .mysecretdir
.mysecretdir
.mysecretdir/ECRYPTFS_FNEK_ENCRYPTED.FWZSxtNBzRhUc-T0igL-f2xajxDl2TU2MN3yqm0Itm4EZOA0-Ks4Ul599k--
# sudo mount mysecretdir
Passphrase:
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=5ef7964dfddb60a0
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=5ef7964dfddb60a0
Mounted eCryptfs
# cat mysecretdir/test
TEST
The userland method
- The encrypted directory is necessarily Private and .Private
- This mount is automatically mounted/unmounted at session login/logout (optional)
- Uses the login password and the user session keyring
Configuration
# ecryptfs-setup-private [--noautomount]
Enter your login passphrase [sileht]: *<login password>*
Enter your mount passphrase [leave blank to generate one]: *<enter>*

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************

Done configuring.

Testing mount/write/umount/read...
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
Inserted auth tok with sig [adb24429adf745ac] into the user session keyring
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
Inserted auth tok with sig [adb24429adf745ac] into the user session keyring
Testing succeeded.

Logout, and log back in to begin using your encrypted directory.
And that's all!
Usage
# ecryptfs-mount-private
Enter your login passphrase: *<login password>*
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
# echo TEST > Private/test
# ecryptfs-umount-private
# find .Private
.Private
.Private/ECRYPTFS_FNEK_ENCRYPTED.FWahgYEdfTR3f-RdHuZMGUBU4uG4WV898FA9hmsdE.MuvMqujcoOMMUII---
# ecryptfs-mount-private
Enter your login passphrase: *<login password>*
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
# cat Private/test
TEST
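
Both usage sections (root and userland) inspect the lower directory with find after unmounting. The following is an added example, not part of the original wiki page, that automates that check: it reports any entry in the lower directory whose name is not FNEK-encrypted and verifies that the directory is closed to group and others. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). With filename encryption on,
# every entry under the lower directory carries this prefix, as in the
# find output of both usage sections.
FNEK_PREFIX='ECRYPTFS_FNEK_ENCRYPTED.'

# Print entries whose name lacks the prefix, i.e. is readable at rest.
# Typical causes: files written before filename encryption was enabled,
# or files copied straight into the lower directory.
plain_names() {
    find "$1" -mindepth 1 ! -name "${FNEK_PREFIX}*" -print
}

# Succeed only if group and others have no permission bits on the
# directory (the page creates .mysecretdir with mode 700).
lower_dir_private() {
    case $(ls -ld -- "$1") in
        d???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# audit_lower DIR: print findings; return 0 if clean, 1 if not, 2 on error.
audit_lower() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    if ! lower_dir_private "$dir"; then
        echo "WARN: $dir is accessible to group or others"
        rc=1
    fi
    leaked=$(plain_names "$dir")
    if [ -n "$leaked" ]; then
        echo "WARN: plaintext names in $dir:"
        printf '%s\n' "$leaked" | sed 's/^/  /'
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Run as a script: audit each directory given on the command line,
# e.g. ~/.Private or ~/.mysecretdir after unmounting.
for d in "$@"; do audit_lower "$d" || true; done
```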