eCryptfs is a stacked cryptographic filesystem embedded within the Linux kernel. Being a stacked filesystem, it can transparently encrypt and decrypt the files on your Linux server as they are written to or read from the hard disk. The greatest advantage of eCryptfs is that all encryption is done at the file level. This means that you don’t have to create a fixed-size container to hold your files.

Here are the steps to use ecryptfs:

  1. Install ecryptfs using yum

    [root@fedora01 ~]# yum install ecryptfs-utils

  2. Load the ecryptfs module into the kernel, using modprobe

    [root@fedora01 ~]# modprobe ecryptfs

  3. Now, I have to encrypt all my files that I read & write on /home/secretdata. So, mount /home/secretdata on an encrypted mount-point.

    [root@fedora01 ~]# mount -t ecryptfs /home/secretdata/ /encrypted
    Select key type to use for newly created files:
    1) tspi
    2) openssl
    3) passphrase
    Selection: 3
    Select cipher:
    1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
    4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
    Selection [aes]:
    Select key bytes:
    1) 16
    2) 32
    3) 24
    Selection [16]:
    Enable plaintext passthrough (y/n) [n]:
    Attempting to mount with the following options:
    Mounted eCryptfs

  4. The directory /encrypted is an “encrypted one” now. Whatever you write to this directory is stored encrypted in /home/secretdata. See the demo in the steps below. Here I copied /etc/passwd to the encrypted filesystem. I am able to read the file as long as the encrypted filesystem is mounted.

    [root@fedora01 encrypted]# cp /etc/passwd /encrypted/

    [root@fedora01 encrypted]# head -1 /encrypted/passwd
    [root@fedora01 encrypted]#

    Once the encrypted filesystem is unmounted, we cannot read the file, as it is encrypted.

    [root@fedora01 ~]# umount /encrypted/

    [root@fedora01 ~]# file /home/secretdata/passwd
    /home/secretdata/passwd: data
    [root@fedora01 ~]#

  5. Cool, huh? Read more at 
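Steps 3 and 4 above, as an added shell example that is not part of the original post: it builds the same mount non-interactively from the documented mount.ecryptfs options (`key=passphrase`, `passphrase_passwd_file`, `ecryptfs_cipher`, `ecryptfs_key_bytes`, `ecryptfs_passthrough`, `ecryptfs_enable_filename_crypto`, `no_sig_cache`), validating the cipher and key size against the ranges the interactive prompt lists, and then repeats the post's "is the lower file really ciphertext?" check without depending on file(1). The passphrase file path `/root/.ecryptfs-pass` is a placeholder assumption; the mount line is printed, not executed, so the check can be run on any box.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes ecryptfs-utils is installed
# and that /root/.ecryptfs-pass (placeholder) holds a line of the form
# "passphrase_passwd=<your passphrase>" with mode 0600.
PASSFILE="/root/.ecryptfs-pass"

# Key-size range per cipher, exactly as the interactive prompt in the post lists them.
cipher_key_range() {
    case "$1" in
        aes|blowfish|twofish|cast6) echo "16 32" ;;
        des3_ede)                   echo "24 24" ;;
        cast5)                      echo "5 16" ;;
        *) return 1 ;;
    esac
}

# Print a mount option string for "mount -t ecryptfs", or return 1 on bad input.
# $3 (y/n, default n like the post) toggles filename encryption: with "n" the
# lower directory still shows readable names such as "passwd".
ecryptfs_mount_opts() {
    cipher="$1"; key_bytes="$2"; fnek="${3:-n}"
    range=$(cipher_key_range "$cipher") || {
        echo "unsupported cipher: $cipher" >&2; return 1; }
    min=${range% *}; max=${range#* }
    case "$key_bytes" in
        ''|*[!0-9]*) echo "key size must be numeric" >&2; return 1 ;;
    esac
    if [ "$key_bytes" -lt "$min" ] || [ "$key_bytes" -gt "$max" ]; then
        echo "key size $key_bytes outside $min..$max for $cipher" >&2; return 1
    fi
    # ecryptfs_passthrough=n refuses to serve unencrypted lower files as if they
    # were fine; no_sig_cache skips the first-use signature prompt.
    printf 'key=passphrase,passphrase_passwd_file=%s,ecryptfs_cipher=%s,ecryptfs_key_bytes=%s,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=%s,no_sig_cache' \
        "$PASSFILE" "$cipher" "$key_bytes" "$fnek"
}

# Print (do not run) the complete mount line for a lower/upper pair.
ecryptfs_mount_cmd() {
    lower="$1"; upper="$2"; shift 2
    opts=$(ecryptfs_mount_opts "$@") || return 1
    printf 'mount -t ecryptfs %s %s -o %s\n' "$lower" "$upper" "$opts"
}

# Return 0 if a lower-directory file contains non-printable bytes (ciphertext,
# what the post's `file` call reports as "data"), 1 if it is readable text,
# which would mean plaintext reached the lower directory.
lower_looks_encrypted() {
    n=$(LC_ALL=C tr -d '[:print:][:space:]' < "$1" | wc -c | tr -d ' ')
    [ "$n" -gt 0 ]
}

# Same layout as the post: lower /home/secretdata, upper /encrypted, AES-256.
ecryptfs_mount_cmd /home/secretdata /encrypted aes 32
```

After mounting with the printed line and unmounting again, `lower_looks_encrypted /home/secretdata/passwd` should succeed; if it fails, plaintext was written to the lower directory directly, bypassing the eCryptfs layer.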