eCryptfs is a stacked cryptographic filesystem embedded within the Linux kernel. Because it is stacked on top of an existing filesystem, it transparently encrypts and decrypts the files on your Linux server as they are written to or read from the hard disk. The greatest advantage of eCryptfs is that all encryption is performed at the file level. This means that you don’t have to create a fixed-size container to hold your files.
Here are the steps to use eCryptfs:
Install ecryptfs-utils using yum
[root@fedora01 ~]# yum install ecryptfs-utils
Load the ecryptfs module into the kernel, using modprobe
[root@fedora01 ~]# modprobe ecryptfs
Now, I want to encrypt all the files that I read and write under /home/secretdata. So, mount /home/secretdata on an encrypted mount point.
[root@fedora01 ~]# mount -t ecryptfs /home/secretdata/ /encrypted
Select key type to use for newly created files:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Select key bytes:
Enable plaintext passthrough (y/n) [n]:
Attempting to mount with the following options:
The directory /encrypted is now an “encrypted one”. Whatever you write to this directory is encrypted before it is stored in /home/secretdata. The steps below demonstrate this. Here I copied /etc/passwd to the encrypted filesystem. I am able to read the file as long as the encrypted filesystem is mounted.
[root@fedora01 encrypted]# cp /etc/passwd /encrypted/
[root@fedora01 encrypted]# head -1 /encrypted/passwd
Once the encrypted filesystem is unmounted, we cannot read the file in /home/secretdata, as it is stored encrypted.
[root@fedora01 ~]# umount /encrypted/
[root@fedora01 ~]# file /home/secretdata/passwd
Cool, huh? Read more at https://launchpad.net/ecryptfs
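Whenever the eCryptfs mount is not active, /encrypted is an ordinary directory, and a file copied there is stored as plaintext. The shell functions below are an added example, not part of the original post: they read a mount table in /proc/mounts format to confirm the mount and report its cipher settings. The function names and the sample table are constructed for illustration.

```shell
#!/bin/bash
# Added example: confirm /encrypted is a live eCryptfs mount before writing to it.
# Mount-table lines follow /proc/mounts: source target fstype options dump pass.

# Print the options of TARGET if it is an ecryptfs mount, else return 1.
# The last line for a target wins, since later mounts stack over earlier ones.
ecryptfs_opts() {
    target=${1%/}; [ -n "$target" ] || target=/
    awk -v t="$target" '
        $2 == t { fstype = $3; opts = $4 }
        END { if (fstype != "ecryptfs") exit 1
              print opts }
    ' "${2:-/proc/mounts}"
}

# Summarise the cipher, key size and passthrough setting of TARGET.
ecryptfs_summary() {
    opts=$(ecryptfs_opts "$1" "$2") || return 1
    cipher=unknown; bytes=unknown; pass=no
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            ecryptfs_cipher=*)    cipher=${o#*=} ;;
            ecryptfs_key_bytes=*) bytes=${o#*=} ;;
            ecryptfs_passthrough) pass=yes ;;
        esac
    done
    IFS=$old_ifs
    echo "cipher=$cipher key_bytes=$bytes passthrough=$pass"
}

# Copy SRC into TARGET only while TARGET is an ecryptfs mount; without the
# mount, the copy would be stored as plaintext in an ordinary directory.
guarded_cp() {
    ecryptfs_opts "$2" "$3" >/dev/null || {
        echo "refusing: $2 is not an ecryptfs mount" >&2; return 1; }
    cp -- "$1" "${2%/}/"
}

# Constructed sample mount table (the ecryptfs_sig value is made up).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/secretdata /encrypted ecryptfs rw,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
EOF
}

demo=$(mktemp); sample_mounts > "$demo"
ecryptfs_summary /encrypted "$demo"     # reads the constructed table, not the live one
rm -f "$demo"
```

On a real system, omit the last argument so the functions read /proc/mounts, for example `guarded_cp /etc/passwd /encrypted`.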