[ale] Using eCryptFS to secure "at rest" data. How to mount at boot?

Raj Wurttemberg rajaw at c64.us
Tue Dec 9 15:59:51 EST 2014 

Ahh!  Excellent! Thank you Sir!   

One more question... what if I wanted to use an openssl key?  What would
that fstab entry look like?

> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of leam
> hall
> Sent: Tuesday, December 09, 2014 3:28 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] Using eCryptFS to secure "at rest" data. How to mount
at
> boot?
> 
> On Tue, Dec 9, 2014 at 3:20 PM, Raj Wurttemberg <rajaw at c64.us> wrote:
> > I'm trying to find a way to use eCryptFS to secure the "at rest" data
> > on a server.
> >
> > I have ecryptfs installed and I understand how to encrypt a directory.
> > What I am missing, is how to mount the ecryptfs encrypted folder at boot
> (i.e.
> > fstab).
> >
> > I have been Googling for a few hours but everything I have found is
> > how to mount an encrypted home folder, which is not what I am looking
> > to accomplish.
> >
> > Kind regards,
> > /Raj
> 
> My doc from a year or so ago:
> 
> #####
> 
> ### /root/.ecrypt_key
> 
> passphrase_passwd=ecryptTHIS####
> 
> ### Make the first volumes
> 
> mkdir /opt/.fred_ecrypt
> mkdir /opt/fred
> 
> ### Edit /etc/fstab
> 
> /dev/vgroup2/fred      /opt/.fred_ecrypt     ext3    defaults        1 2
> 
> /opt/.fred_ecrypt /opt/fred ecryptfs rw,ecryptfs_sig=1234567890abcdef,
> key=passphrase:passphrase
> _passwd_file=/root/.ecrypt_key,ecryptfs_passthrough=no,ecryptfs_unlink_
> sigs,ecryptfs_cipher=aes,ecr
> yptfs_key_bytes=24 0 0
> 
> ### Mount those two volumes
> ### If it asks you for approval, then answer yes.
> ### That generally only happens on the first mount.
> 
> mount /opt/.fred_ecrypt
> mount /opt/fred
> 
> ### Make the tmpfs mount
> 
> mkdir /opt/fred/testdir
> 
> ### Edit /etc/fstab
> ### This lets you use 90% of the RAM
> 
> tmpfs   /opt/fred/testdir   tmpfs   defaults,size=90%       0 0
> 
> #####
> That help?
> 
> Leam
> --
> Mind on a Mission
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

More information about the Ale mailing list