Linux Enterprise Cryptographic Filesystem : ecryptfs

eCryptfs is a stacked cryptographic filesystem embedded within the Linux kernel. Being a stacked filesystem, it can easily encrypt and decrypt the files on your Linux server as they are written to or read from the hard disk. The greatest advantage of eCryptfs is that all encryption is made at the file level. This means that you don’t have to create a fixed size container to hold your files.

Here are the steps to use ecryptfs:

  1. Install ecryptfs using yum

    [[email protected] ~]# yum install ecryptfs-utils

  2. Load the ecryptfs module into the kernel using modprobe

    [[email protected] ~]# modprobe ecryptfs

  3. Now I want every file I read from and write to /home/secretdata to be encrypted. So, mount /home/secretdata (the lower directory, which holds the ciphertext on disk) on an encrypted mount point, /encrypted (the view through which the files are read and written in the clear).

    [[email protected] ~]# mount -t ecryptfs /home/secretdata/ /encrypted
    Select key type to use for newly created files:
    1) tspi
    2) openssl
    3) passphrase
    Selection: 3
    Select cipher:
    1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
    4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
    Selection [aes]:
    Select key bytes:
    1) 16
    2) 32
    3) 24
    Selection [16]:
    Enable plaintext passthrough (y/n) [n]:
    Attempting to mount with the following options:
    Mounted eCryptfs

  4. The directory /encrypted is an “encrypted one” now. Whatever you write to this directory is stored encrypted on disk. See the demo in the steps below: here I copied /etc/passwd to the encrypted filesystem, and I am able to read the file as long as the encrypted filesystem is mounted.

    [[email protected] encrypted]# cp /etc/passwd /encrypted/

    [[email protected] encrypted]# head -1 /encrypted/passwd
    [[email protected] encrypted]#

    Once the encrypted filesystem is unmounted, we cannot read the file from the lower directory, as it is stored encrypted.

    [[email protected] ~]# umount /encrypted/

    [[email protected] ~]# file /home/secretdata/passwd
    /home/secretdata/passwd: data
    [[email protected] ~]#

  5. Cool, huh? Read more at 
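The same procedure can be scripted so that the choices made at the interactive prompt (passphrase key, aes, 16-byte key, no plaintext passthrough) are passed as explicit mount options, and so that the lower directory is checked for ciphertext after unmounting instead of relying on `file`. The script below is an added example and is not code from the original post; the lower and upper directory paths, the passphrase file location and the `ECRYPTFS_DEMO` switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post: non-interactive version of
# the mount performed by the prompt above (passphrase key, aes, 16-byte key,
# plaintext passthrough off), plus a check that the lower directory really
# holds ciphertext. Paths and the passphrase file location are assumptions.

# Build the mount.ecryptfs option string. The passphrase is read from a
# root-only (mode 0600) file containing one line "passphrase_passwd=<pass>"
# instead of being typed at the prompt.
#   $1 = AES key size in bytes (16, 24 or 32; the prompt's default is 16)
#   $2 = passphrase file (assumed path)
ecryptfs_opts() {
    key_bytes="${1:-16}"
    passwd_file="${2:-/root/.ecryptfs-passphrase}"
    case "$key_bytes" in
        16|24|32) ;;
        *) echo "ecryptfs_opts: key size must be 16, 24 or 32 bytes" >&2; return 1 ;;
    esac
    printf 'key=passphrase:passphrase_passwd_file=%s,ecryptfs_cipher=aes,ecryptfs_key_bytes=%s,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,no_sig_cache' \
        "$passwd_file" "$key_bytes"
}

# Verify that a file in the lower (ciphertext) directory does not expose a
# known plaintext marker. Returns 0 when the marker is absent (looks
# encrypted) and 1 when it is found in the clear.
lower_is_ciphertext() {
    lower_file="$1"
    marker="$2"
    if grep -q -- "$marker" "$lower_file" 2>/dev/null; then
        return 1
    fi
    return 0
}

# The post's steps 2-4 end to end. Needs root and the ecryptfs module, so it
# only runs when ECRYPTFS_DEMO=1 is set in the environment (assumed switch).
ecryptfs_demo() {
    lower=/home/secretdata      # ciphertext lives here
    upper=/encrypted            # decrypted view while mounted
    opts=$(ecryptfs_opts 16 /root/.ecryptfs-passphrase) || return 1
    modprobe ecryptfs || return 1
    mkdir -p "$lower" "$upper"
    mount -t ecryptfs "$lower" "$upper" -o "$opts" || return 1
    cp /etc/passwd "$upper/passwd"
    head -1 "$upper/passwd"          # readable through the mount
    umount "$upper"
    # After unmount the lower copy must not contain the first passwd record.
    if lower_is_ciphertext "$lower/passwd" 'root:x:0:0'; then
        echo "OK: $lower/passwd is ciphertext"
    else
        echo "WARNING: $lower/passwd holds plaintext (passthrough enabled?)" >&2
        return 1
    fi
}

if [ "${ECRYPTFS_DEMO:-0}" = 1 ]; then
    ecryptfs_demo
fi
```

Run it as root with `ECRYPTFS_DEMO=1 sh ecryptfs-demo.sh` after creating the passphrase file. The `lower_is_ciphertext` check is the scripted form of the `file /home/secretdata/passwd` test in step 4: if the marker is found in the lower directory, the data was written in the clear, which is exactly what answering `y` to the plaintext passthrough prompt would allow.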