我使用eCryptfs通过以下方式挂载和加密特定目录:
mount -t ecryptfs /secure /secure -o ecryptfs_unlink_sigs,ecryptfs_key_bytes=16,ecryptfs_cipher=aes
我已经看过使用fstab在启动时使用ecryptfs自动挂载的示例。
我想知道这是否可能/明智地将其作为新手脚本执行,以便可以根据需要执行并进行测试?
理想情况下,它会在依赖于加密目录的其他Upstart脚本之前运行。
答案 0 :(得分:0)
请检查ruxkor's gist(original,superuser)上的以下脚本:
#!/bin/bash
# ecryptFS mount script
# taken and slightly modified version
# original at https://superuser.com/questions/227713/ecryptfs-how-to-mount-a-backup-of-an-encrypted-home-dir
# ROOT should be the parent of the .ecryptfs and .Private folders
if [ ! -d "$1" -o "$2" == "" ]; then
echo "usage: $0 /home/.ecryptfs/USER /mnt/USER"
exit 1
fi
ROOT=$1
TARGET=$2
sudo mkdir -p $TARGET
cd $ROOT
echo Type your password:
PASS=$(ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase | sed s/Passphrase:\ //)
SIG1=$(head -n1 .ecryptfs/Private.sig)
SIG2=$(tail -n1 .ecryptfs/Private.sig)
echo Passphrase:
echo $PASS
echo Signatures:
echo $SIG1
echo $SIG2
echo Should be empty:
sudo keyctl clear @u
sudo keyctl list @u
echo Do not type anything:
echo $PASS | sudo ecryptfs-add-passphrase --fnek
echo Sould have signatures:
sudo keyctl list @u
echo Mounting $ROOT on $TARGET...
sudo mount -t ecryptfs -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes,ecryptfs_sig=$SIG1,ecryptfs_fnek_sig=$SIG2,passwd=$(echo $PASS) .Private $TARGET
ls $TARGET
您可以将此脚本扩展为使用参数化密码,例如:
ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase PASS
或:
printf "%s" "wrapping passphrase" | ecryptfs-unwrap-passphrase [file] -
根据需要修改脚本。