Mehdi Abaakouk, 02/06/2013 21:13

h1. Ecryptfs

{{>toc}}

h2. The root method

* Lets you choose which directory is encrypted
* Uses a passphrase
* Does not depend on external software

h3. Configuration

Create the directories:

<pre>
# mkdir -m 500 -p mysecretdir
# mkdir -m 700 -p .mysecretdir
</pre>

Initialize the encrypted directory:

<pre>
# sudo mount -t ecryptfs -o no_sig_cache .mysecretdir mysecretdir

Passphrase: *your_passphrase*
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: *<enter>*
Select key bytes:
 1) 16
 2) 32
 3) 24
Selection [16]: *<enter>*
Enable plaintext passthrough (y/n) [n]: *<enter>*
Enable filename encryption (y/n) [n] : *y*
Filename Encryption Key (FNEK) Signature [XXXXXXXXXXXXXXXXXXX]: *<enter>*
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=XXXXXXXXXXXXXX
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=XXXXXXXXXXXXXX
Mounted eCryptfs
</pre>

The chosen options can be saved in /etc/fstab as follows, so that they are not asked for again at every mount:

<pre>
/home/sileht/.mysecretdir /home/sileht/mysecretdir ecryptfs noauto,ecryptfs_enable_filename_crypto=y,ecryptfs_unlink_sigs,ecryptfs_fnek_sig=XXXXXXXXXXXXXX,ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig=XXXXXXXXXXXXXX,ecryptfs_passthrough=no,no_sig_cache 0 0
</pre>


h3. Usage

If it is not mounted:

<pre>
# sudo mount mysecretdir
</pre>

Then:

<pre>
# echo "TEST" > mysecretdir/test
# sudo umount mysecretdir

# find .mysecretdir
.mysecretdir
.mysecretdir/ECRYPTFS_FNEK_ENCRYPTED.FWZSxtNBzRhUc-T0igL-f2xajxDl2TU2MN3yqm0Itm4EZOA0-Ks4Ul599k--

# sudo mount mysecretdir
Passphrase:
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=5ef7964dfddb60a0
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=5ef7964dfddb60a0
Mounted eCryptfs

# cat mysecretdir/test
TEST
</pre>

h2. The userland method

* The encrypted directory is necessarily Private and .Private
* This mount is automatically mounted/unmounted at session login/logout (optional)
* Uses the login password and the user session keyring

h3. Configuration

<pre>
# ecryptfs-setup-private [--noautomount]
Enter your login passphrase [sileht]: *<login password>*
Enter your mount passphrase [leave blank to generate one]: *<enter>*

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************


Done configuring.

Testing mount/write/umount/read...
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
Inserted auth tok with sig [adb24429adf745ac] into the user session keyring
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
Inserted auth tok with sig [adb24429adf745ac] into the user session keyring
Testing succeeded.

Logout, and log back in to begin using your encrypted directory.
</pre>

And that's it!


h3. Usage

<pre>
# ecryptfs-mount-private
Enter your login passphrase: *<login password>*
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring

# echo TEST > Private/test

# ecryptfs-umount-private
# find .Private
.Private
.Private/ECRYPTFS_FNEK_ENCRYPTED.FWahgYEdfTR3f-RdHuZMGUBU4uG4WV898FA9hmsdE.MuvMqujcoOMMUII---

# ecryptfs-mount-private
Enter your login passphrase: *<login password>*
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring

# cat Private/test
TEST
</pre>
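
The manual @find@ checks in both Usage sections can be scripted. The shell functions below are an added example, not part of the original wiki page. They flag entries in the lower directory (.mysecretdir or .Private) whose names lack the @ECRYPTFS_FNEK_ENCRYPTED.@ prefix, and files sitting in the mount point while it is not mounted, i.e. written in clear text. The function names and the optional mounts-table argument are assumptions, and the check presumes filename encryption is enabled as configured above.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# is_ecryptfs_mounted MOUNTPOINT [MOUNTS_FILE]
# Succeeds only if MOUNTPOINT (absolute path, spelled as in the mounts table)
# is listed with filesystem type "ecryptfs". MOUNTS_FILE defaults to /proc/mounts.
is_ecryptfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 == "ecryptfs" { found = 1 }
                    END { exit !found }' "${2:-/proc/mounts}"
}

# count_entries DIR [FIND_EXPRESSION...]
# Prints how many entries below DIR match the expression. One dot is emitted
# per match and the bytes are counted, so odd filenames cannot skew the count.
count_entries() {
    dir=$1; shift
    find "$dir" -mindepth 1 "$@" -exec printf '.' \; | wc -c | tr -d ' '
}

# count_plaintext_names LOWER_DIR
# With filename encryption on, every lower-directory entry carries the
# ECRYPTFS_FNEK_ENCRYPTED. prefix; anything else has a readable name.
count_plaintext_names() {
    count_entries "$1" ! -name 'ECRYPTFS_FNEK_ENCRYPTED.*'
}

# audit_ecryptfs UPPER LOWER [MOUNTS_FILE]
# Returns 1 if LOWER holds unencrypted names, or if UPPER is unmounted yet
# contains files (they were written in clear text to the underlying disk).
audit_ecryptfs() {
    upper=$1; lower=$2; table=${3:-/proc/mounts}; rc=0
    leaked=$(count_plaintext_names "$lower")
    if [ "$leaked" -ne 0 ]; then
        echo "WARN: $leaked entries in $lower have unencrypted names"
        rc=1
    fi
    if ! is_ecryptfs_mounted "$upper" "$table"; then
        stray=$(count_entries "$upper")
        if [ "$stray" -ne 0 ]; then
            echo "WARN: $upper is not mounted but holds $stray plaintext entries"
            rc=1
        fi
    fi
    return "$rc"
}
```

With the fstab entry shown earlier, @audit_ecryptfs /home/sileht/mysecretdir /home/sileht/.mysecretdir@ can be run after @umount@; a non-zero status means something was stored outside the encrypted view.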