Ecryptfs » History » Version 1

Mehdi Abaakouk, 02/06/2013 21:12

h1. Ecryptfs


h2. The root method

* Lets you choose which directory is encrypted
* Uses a passphrase
* Does not depend on any external software

h3. Configuration

Create the directories:

<pre>
# mkdir -m 500 -p mysecretdir
# mkdir -m 700 -p .mysecretdir
</pre>

Initialize the encrypted directory:

<pre>
# sudo mount -t ecryptfs -o no_sig_cache .mysecretdir mysecretdir

Passphrase: *your_passphrase*
Select cipher: 
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: *<enter>*
Select key bytes: 
 1) 16
 2) 32
 3) 24
Selection [16]: *<enter>*
Enable plaintext passthrough (y/n) [n]: *<enter>*
Enable filename encryption (y/n) [n] : *y*
Filename Encryption Key (FNEK) Signature [XXXXXXXXXXXXXXXXXXX]: *<enter>*
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=XXXXXXXXXXXXXX
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=XXXXXXXXXXXXXX
Mounted eCryptfs
</pre>

The chosen options can be saved in /etc/fstab as follows, so that they are not asked for again at every mount (the passphrase itself is not stored there and is still prompted for):

<pre>
/home/sileht/.mysecretdir /home/sileht/mysecretdir ecryptfs noauto,ecryptfs_enable_filename_crypto=y,ecryptfs_unlink_sigs,ecryptfs_fnek_sig=XXXXXXXXXXXXXX,ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig=XXXXXXXXXXXXXX,ecryptfs_passthrough=no,no_sig_cache 0 0
</pre>
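
A small lint for such an entry, as an added example that is not part of the original page: it flags the settings that weaken the configuration chosen above (file names left in clear, plaintext passthrough, one of the 8-byte-block ciphers from the menu, a signature that is missing or still a placeholder). The function name, the /srv paths and the treatment of a bare @ecryptfs_passthrough@ flag as "enabled" are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: lint the eCryptfs entries of an
# fstab-format file. One line per finding; exit status 1 if anything is found.
audit_ecryptfs_fstab() {
    awk '
    function warn(msg) { printf "%s: %s\n", mnt, msg; bad = 1 }
    $1 ~ /^#/ || $3 != "ecryptfs" { next }
    {
        mnt = $2
        split("", opt)                       # clear options of previous entry
        n = split($4, kv, ",")
        for (i = 1; i <= n; i++) {           # "k=v" pairs and bare flags
            eq = index(kv[i], "=")
            if (eq) opt[substr(kv[i], 1, eq - 1)] = substr(kv[i], eq + 1)
            else    opt[kv[i]] = "flag"
        }
        # An unfilled placeholder such as XXXXXXXXXXXXXX is caught here too.
        if (opt["ecryptfs_sig"] !~ /^[0-9a-f]+$/)
            warn("ecryptfs_sig missing or not a hex signature")
        if (opt["ecryptfs_enable_filename_crypto"] != "y" ||
            opt["ecryptfs_fnek_sig"] !~ /^[0-9a-f]+$/)
            warn("filename encryption not enabled or ecryptfs_fnek_sig missing")
        # Assumption: a bare flag or any value not starting with n enables it.
        if (("ecryptfs_passthrough" in opt) && opt["ecryptfs_passthrough"] !~ /^n/)
            warn("plaintext passthrough is enabled")
        c = opt["ecryptfs_cipher"]           # 8-byte-block ciphers of the menu
        if (c == "blowfish" || c == "des3_ede" || c == "cast5")
            warn("cipher " c " has an 8-byte block size")
        if (opt["ecryptfs_key_bytes"] + 0 < 16)
            warn("ecryptfs_key_bytes missing or below 16")
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample: the entry from this page (with the signature from its
# mount output) and a deliberately weak second entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/home/sileht/.mysecretdir /home/sileht/mysecretdir ecryptfs noauto,ecryptfs_enable_filename_crypto=y,ecryptfs_unlink_sigs,ecryptfs_fnek_sig=5ef7964dfddb60a0,ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig=5ef7964dfddb60a0,ecryptfs_passthrough=no,no_sig_cache 0 0
/srv/.lower /srv/clear ecryptfs noauto,ecryptfs_sig=5ef7964dfddb60a0,ecryptfs_cipher=blowfish,ecryptfs_key_bytes=16,ecryptfs_passthrough 0 0
EOF
audit_ecryptfs_fstab "$sample" || echo "findings listed above"
rm -f "$sample"
```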


h3. Usage

If it is not mounted:

<pre>
# sudo mount mysecretdir
</pre>

Then:

<pre>
# echo "TEST" > mysecretdir/test
# sudo umount mysecretdir

# find .mysecretdir
.mysecretdir
.mysecretdir/ECRYPTFS_FNEK_ENCRYPTED.FWZSxtNBzRhUc-T0igL-f2xajxDl2TU2MN3yqm0Itm4EZOA0-Ks4Ul599k--

# sudo mount mysecretdir
Passphrase: 
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=5ef7964dfddb60a0
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=5ef7964dfddb60a0
Mounted eCryptfs

# cat mysecretdir/test
TEST

</pre>

h2. The userland method

* The directory names are fixed: the encrypted directory is necessarily Private and .Private
* This mount is mounted/unmounted automatically at session login/logout (optional)
* Uses the login password and the keyring of the user session

h3. Configuration

97 1 Mehdi Abaakouk
<pre>
# ecryptfs-setup-private [--noautomount]
Enter your login passphrase [sileht]: *<login password>*
Enter your mount passphrase [leave blank to generate one]: *<enter>*

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************


Done configuring.

Testing mount/write/umount/read...
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
Inserted auth tok with sig [adb24429adf745ac] into the user session keyring
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring
Inserted auth tok with sig [adb24429adf745ac] into the user session keyring
Testing succeeded.

Logout, and log back in to begin using your encrypted directory.
</pre>

And that's all!


h3. Usage

<pre>
# ecryptfs-mount-private
Enter your login passphrase: *<login password>*
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring

# echo TEST > Private/test

# ecryptfs-umount-private
# find .Private
.Private
.Private/ECRYPTFS_FNEK_ENCRYPTED.FWahgYEdfTR3f-RdHuZMGUBU4uG4WV898FA9hmsdE.MuvMqujcoOMMUII---

# ecryptfs-mount-private
Enter your login passphrase: *<login password>*
Inserted auth tok with sig [00c5d51878ceb7a2] into the user session keyring

# cat Private/test
TEST
</pre>
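
The @find@ checks in both Usage sections (root and userland) can be turned into an audit, shown here as an added example that is not part of the original page: it lists lower-directory entries whose name is not filename-encrypted, and files left in the mount point while eCryptfs is not mounted on it. The function names, the demo tree and the option of passing a mounts table other than /proc/mounts are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Two checks for data that ended
# up outside eCryptfs protection.

# 1. Entries of the lower directory (.mysecretdir or .Private) whose name is
#    not filename-encrypted: created without FNEK or written there directly.
cleartext_names() {
    find "$1" -mindepth 1 ! -name 'ECRYPTFS_FNEK_ENCRYPTED.*' -print
}

# 2. Files sitting in the mount point while eCryptfs is NOT mounted on it:
#    they live unencrypted on the underlying filesystem.
#    $1: mount point, $2: mounts table to read (default /proc/mounts).
stray_plaintext() {
    mp=$(cd "$1" && pwd -P) || return 2
    if awk -v mp="$mp" '$2 == mp && $3 == "ecryptfs" { f = 1 } END { exit !f }' \
        "${2:-/proc/mounts}"; then
        return 0    # mounted: what is visible is the decrypted view
    fi
    find "$mp" -mindepth 1 -print
}

# Constructed demo tree: one encrypted name as on this page, one leaked file
# in each place. An empty mounts table stands for "not mounted".
demo=$(mktemp -d)
mkdir "$demo/.mysecretdir" "$demo/mysecretdir"
: > "$demo/.mysecretdir/ECRYPTFS_FNEK_ENCRYPTED.FWZSxtNBzRhUc-T0igL-f2xajxDl2TU2MN3yqm0Itm4EZOA0-Ks4Ul599k--"
: > "$demo/.mysecretdir/notes.txt"
: > "$demo/mysecretdir/test"
: > "$demo/mounts"
cleartext_names "$demo/.mysecretdir"
stray_plaintext "$demo/mysecretdir" "$demo/mounts"
rm -rf "$demo"
```

The @-m 500@ mode given to the mount point in the root method makes the second case harder to hit by accident, since the owner cannot write into it while it is unmounted.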