Ecryptfs » History » Version 4
Mehdi Abaakouk, 02/06/2013 21:13
h1. Ecryptfs

{{>toc}}

h2. The root method

* Lets you choose the encrypted directory
* Uses a passphrase
* Does not depend on external software

h3. Configuration

Create the directories:

<pre>
# mkdir -m 500 -p mysecretdir
# mkdir -m 700 -p .mysecretdir
</pre>

Initialize the encrypted directory:

<pre>
# sudo mount -t ecryptfs -o no_sig_cache .mysecretdir mysecretdir

Passphrase: *your_passphrase*
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: *<enter>*
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]: *<enter>*
Enable plaintext passthrough (y/n) [n]: *<enter>*
Enable filename encryption (y/n) [n] : *y*
Filename Encryption Key (FNEK) Signature [XXXXXXXXXXXXXXXXXXX]: *<enter>*
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=XXXXXXXXXXXXXX
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=XXXXXXXXXXXXXX
Mounted eCryptfs
</pre>

The chosen options can be saved in /etc/fstab as follows, so that they are not asked for again at every mount:

<pre>
/home/sileht/.mysecretdir /home/sileht/mysecretdir ecryptfs noauto,ecryptfs_enable_filename_crypto=y,ecryptfs_unlink_sigs,ecryptfs_fnek_sig=XXXXXXXXXXXXXX,ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig=XXXXXXXXXXXXXX,ecryptfs_passthrough=no,no_sig_cache 0 0
</pre>

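Added example (not part of the original wiki page): a small audit of the option field of eCryptfs /etc/fstab entries such as the one above, flagging the 8-byte-block ciphers from the mount prompt, keys under 16 bytes, unpinned signatures and plaintext passthrough. The function names and the second, deliberately weak entry (/srv/weak) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the option field of eCryptfs fstab entries.

# Print the option field of every ecryptfs entry in fstab text read on stdin.
ecryptfs_fstab_opts() {
    awk '$1 !~ /^#/ && $3 == "ecryptfs" { print $4 }'
}

# Print one finding per line for a comma-separated option string ($1).
audit_ecryptfs_opts() {
    cipher='' key_bytes='' fnek_sig='' sig='' passthrough=n
    old_ifs=$IFS; IFS=,
    for o in $1; do
        case $o in
            ecryptfs_cipher=*)    cipher=${o#*=} ;;
            ecryptfs_key_bytes=*) key_bytes=${o#*=} ;;
            ecryptfs_fnek_sig=*)  fnek_sig=${o#*=} ;;
            ecryptfs_sig=*)       sig=${o#*=} ;;
            # the page writes "=no" for a disabled passthrough
            ecryptfs_passthrough=n|ecryptfs_passthrough=no) passthrough=n ;;
            ecryptfs_passthrough|ecryptfs_passthrough=*)    passthrough=y ;;
        esac
    done
    IFS=$old_ifs
    case $cipher in
        '') echo "cipher not pinned" ;;
        blowfish|des3_ede|cast5) echo "64-bit block cipher: $cipher" ;;
    esac
    case $key_bytes in
        ''|*[!0-9]*) echo "key size not pinned" ;;
        *) [ "$key_bytes" -ge 16 ] || echo "key shorter than 16 bytes: $key_bytes" ;;
    esac
    [ -n "$sig" ] || echo "ecryptfs_sig missing: key signature not pinned"
    [ -n "$fnek_sig" ] || echo "ecryptfs_fnek_sig missing: filename encryption not pinned"
    [ "$passthrough" = n ] || echo "plaintext passthrough enabled"
    return 0
}

# Constructed sample: the page's entry followed by a deliberately weak one.
sample_fstab='/home/sileht/.mysecretdir /home/sileht/mysecretdir ecryptfs noauto,ecryptfs_enable_filename_crypto=y,ecryptfs_unlink_sigs,ecryptfs_fnek_sig=XXXXXXXXXXXXXX,ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig=XXXXXXXXXXXXXX,ecryptfs_passthrough=no,no_sig_cache 0 0
/srv/.weak /srv/weak ecryptfs noauto,ecryptfs_cipher=cast5,ecryptfs_key_bytes=5,ecryptfs_sig=XXXXXXXXXXXXXX,ecryptfs_passthrough 0 0'

printf '%s\n' "$sample_fstab" | ecryptfs_fstab_opts | while read -r opts; do
    echo "== $opts"
    audit_ecryptfs_opts "$opts"
done
```

The page's own entry produces no findings; the constructed weak entry produces four.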

h3. Usage:

If it is not mounted:

<pre>
# sudo mount mysecretdir
</pre>

Then,

<pre>
# echo "TEST" > mysecretdir/test
# sudo umount mysecretdir

# find .mysecretdir
.mysecretdir
.mysecretdir/ECRYPTFS_FNEK_ENCRYPTED.FWZSxtNBzRhUc-T0igL-f2xajxDl2TU2MN3yqm0Itm4EZOA0-Ks4Ul599k--

# sudo mount mysecretdir
Passphrase:
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=5ef7964dfddb60a0
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=5ef7964dfddb60a0
Mounted eCryptfs

# cat mysecretdir/test
TEST

</pre>

h2. The userland method

* The encrypted directory is necessarily Private and .Private
* This mount is mounted/unmounted automatically at session login/logout (optional)
* Uses the login password and the user session keyring

h3. Configuration

<pre>
# ecryptfs-setup-private [--noautomount]
Enter your login passphrase [sileht]: *<login password>*
Enter your mount passphrase [leave blank to generate one]: *<enter>*

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************


Done configuring.

Testing mount/write/umount/read...
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
Inserted auth tok with sig [adb24429adf745ac] into the user session keyring
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
Inserted auth tok with sig [adb24429adf745ac] into the user session keyring
Testing succeeded.

Logout, and log back in to begin using your encrypted directory.
</pre>

And that's all!

h3. Usage

<pre>
# ecryptfs-mount-private
Enter your login passphrase: *<login password>*
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring

# echo TEST > Private/test

# ecryptfs-umount-private
# find .Private
.Private
.Private/ECRYPTFS_FNEK_ENCRYPTED.FWahgYEdfTR3f-RdHuZMGUBU4uG4WV898FA9hmsdE.MuvMqujcoOMMUII---

# ecryptfs-mount-private
Enter your login passphrase: *<login password>*
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring

# cat Private/test
TEST
</pre>
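
Added example (not part of the original wiki page): the manual `find .mysecretdir` / `find .Private` check from both usage sections turned into a script. It lists lower-directory entries whose names are not stored under the ECRYPTFS_FNEK_ENCRYPTED. prefix, and regular files left in a mountpoint while nothing is mounted on it. The function names, the demo tree and the stand-in mounts table are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-unmount checks for a lower directory / mountpoint pair.
FNEK_PREFIX='ECRYPTFS_FNEK_ENCRYPTED.'

# Succeed if absolute path $1 is an ecryptfs mountpoint in mounts table $2
# (default /proc/mounts); an unreadable table counts as "not mounted".
is_ecryptfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# List entries under lower directory $1 whose name is stored in clear.
clear_names() {
    find "$1" -mindepth 1 ! -name "${FNEK_PREFIX}*" -print
}

# List regular files in mountpoint $1 while it is NOT mounted: those were
# written to the underlying filesystem and are plaintext on disk.
stray_plaintext() {
    if is_ecryptfs_mounted "$1" "$2"; then return 0; fi
    find "$1" -mindepth 1 -type f -print
}

# Constructed demo tree; the encrypted name is the one shown on the page.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/.Private" "$d/Private"
    : > "$d/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWahgYEdfTR3f-RdHuZMGUBU4uG4WV898FA9hmsdE.MuvMqujcoOMMUII---"
    : > "$d/.Private/notes.txt"   # clear name in the lower directory
    : > "$d/Private/leak.txt"     # written while nothing was mounted
    : > "$d/mounts"               # empty stand-in for /proc/mounts
    echo "$d"
}

demo=$(make_demo_tree)
clear_names "$demo/.Private"
stray_plaintext "$demo/Private" "$demo/mounts"
rm -rf "$demo"
```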