分类: LINUX
2009-06-11 00:33:54
目的: 使用 eCryptfs 建立加密資料夾
環境: Ubuntu 8.04
安裝 eCryptfs
sudo apt-get install ecryptfs-utils
將某路徑掛載為加密資料夾
mkdir ~/private && chmod 700 ~/private
sudo mount -t ecryptfs ~/private ~/private
1) pkcs11-helper
2) openssl
3) passphrase
Selection: 3Passphrase: your_secret
Verify Passphrase: your_secretSelect cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
7) arc4: blocksize = 1; min keysize = 1; max keysize = 256 (loaded)
Selection [aes]: (Enter)Select key bytes:
1) 16
2) 32
3) 24
Selection [16]: (Enter)Enable plaintext passthrough (y/n): (Enter)
加密測試
echo 'Hello, World!' > ~/private/test.txt
cat ~/private/test.txt (正常)
sudo umount ~/private
cat ~/private/test.txt (變亂碼)
完整參數掛載法
手動輸入密碼
sudo mount -t ecryptfs ~/private ~/private -o \
key=passphrase, \
ecryptfs_cipher=aes, \
ecryptfs_key_bytes=16, \
ecryptfs_passthrough=n使用密碼檔
echo 'passwd=your_secret' > /path/to/mypasswd.txt
sudo mount -t ecryptfs ~/private ~/private -o \
key=passphrase:passfile=/path/to/mypasswd.txt, \
ecryptfs_cipher=aes, \
ecryptfs_key_bytes=16, \
ecryptfs_passthrough=n
登出時自動清除敏感記錄
vi ~/.bash_logout
#清除 nautilus、gthumb 瀏覽圖片產生的縮圖
rm -f ~/.thumbnails/normal/*#清除含特定字眼的指令記錄
history -w && history -c && sed -i '/ecryptfs/d' ~/.bash_history
Ref:
