我使用eCryptfs挂载并加密一个特定的目录:
mount -t ecryptfs /secure /secure -o ecryptfs_unlink_sigs,ecryptfs_key_bytes=16,ecryptfs_cipher=aes
我已经看到了使用fstab在引导时使用ecryptfs自动挂载的例子。
我想知道是否可能/明智地这样做作为一个upstart脚本,以便它可以在必要时执行,并用于测试目的?
理想情况下,它应该在其他依赖于被加密目录的Upstart脚本之前运行。
请查看ruxkor的gist(原始,超级用户)中的以下脚本:
#!/bin/bash
# ecryptFS mount script
# taken and slightly modified version
# original at https://superuser.com/questions/227713/ecryptfs-how-to-mount-a-backup-of-an-encrypted-home-dir
# ROOT should be the parent of the .ecryptfs and .Private folders
if [ ! -d "$1" -o "$2" == "" ]; then
echo "usage: $0 /home/.ecryptfs/USER /mnt/USER"
exit 1
fi
ROOT=$1
TARGET=$2
sudo mkdir -p $TARGET
cd $ROOT
echo Type your password:
PASS=$(ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase | sed s/Passphrase: //)
SIG1=$(head -n1 .ecryptfs/Private.sig)
SIG2=$(tail -n1 .ecryptfs/Private.sig)
echo Passphrase:
echo $PASS
echo Signatures:
echo $SIG1
echo $SIG2
echo Should be empty:
sudo keyctl clear @u
sudo keyctl list @u
echo Do not type anything:
echo $PASS | sudo ecryptfs-add-passphrase --fnek
echo Sould have signatures:
sudo keyctl list @u
echo Mounting $ROOT on $TARGET...
sudo mount -t ecryptfs -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes,ecryptfs_sig=$SIG1,ecryptfs_fnek_sig=$SIG2,passwd=$(echo $PASS) .Private $TARGET
ls $TARGET
您可以扩展此脚本以使用参数化的密码短语,例如:
ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase PASS
或:
printf "%s" "wrapping passphrase" | ecryptfs-unwrap-passphrase [file] -
根据需要修改脚本