ECryptfs

eCryptfs is an in-kernel file encryption suite. It supports different symmetric encryption algorithms depending on the kernel's crypto API. In contrast to LUKS, encryption happens per file. Encryption metadata is added to the file header.

Emerge
Install :

/etc/pam.d
See the below diff for the file.

Encrypting your SWAP
Ecryptfs-utils has a utility which depends on. However, this utility is currently Ubuntu-centric. You should set up an encrypted swap by installing and editing   which has an example of an encrypted swap in it.

Also note, you need to add dm-crypt to the boot run level with:

You can find a version of which works with Gentoo.

Mount Remote Directory
To bind and encrypt a remote directory, two stages are necessary. First mounts the directory onto the local machine and provides transport encryption. Second, eCryptfs transparently encrypts and decrypts files. NFS is an alternative but must be secured in transport and at rest, too.


 * 1) on the remote host create an empty directory
 * 2) on the local machine create a directory  and a second directory
 * 3) on the local machine mount the remote host's directory to
 * 4) and add a passphrase to the Kernel's (user) keyring with
 * 5) as root use the signature prompted from the previous command to create an entry in  with option user, so that user mount is possible
 * 6) as normal user   so that encrypted directory becomes decrypted under
 * 7) when done, first   which also removes the key from the keyring...
 * 8) ... second   to disconnect from remote host

Use  to verify signatures of keys being loaded for current user. After  there will be more entries. The sample shows the signature from above plus two others. Also check that after  of ecryptfs layer the signature is gone.
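The fstab entry from step 5 and the keyring check described above, as an added shell example that is not part of the original page. The paths, the signature, the cipher settings and the use of `keyctl list @u` output as the keyring listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Paths, signature and cipher settings are constructed
# assumptions, not values from the page.

# Succeed only if $1 looks like an eCryptfs key signature (16 lowercase hex digits).
valid_sig() {
    [ "${#1}" -eq 16 ] || return 1
    case $1 in *[!0-9a-f]*) return 1 ;; esac
}

# Print the fstab line for step 5.
# $1 = signature, $2 = encrypted (lower) directory, $3 = decrypted (upper) directory
fstab_line() {
    valid_sig "$1" || { echo "not a key signature: $1" >&2; return 1; }
    # fstab fields are whitespace-separated, so refuse paths containing spaces.
    case "$2$3" in *" "*) echo "path contains a space" >&2; return 1 ;; esac
    # user,noauto           any user may mount it; it is not mounted at boot
    # ecryptfs_unlink_sigs  umount drops the key from the keyring (step 7)
    # aes with 32 key bytes is an assumption; the kernel must provide the cipher
    printf '%s %s ecryptfs user,noauto,ecryptfs_sig=%s,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs 0 0\n' \
        "$2" "$3" "$1"
}

# Read a keyring listing on stdin (format assumed: `keyctl list @u`).
# Succeed if a "user" key whose description equals signature $1 is loaded.
sig_loaded() {
    awk -v sig="$1" '
        NF >= 2 && $(NF-1) == "user:" && $NF == sig { found = 1 }
        END { exit !found }'
}

# Constructed sample listing: the signature used above plus two others.
SAMPLE_KEYRING='3 keys in keyring:
 111111111: --alswrv  1000  1000 user: 0123456789abcdef
 222222222: --alswrv  1000  1000 user: aaaaaaaaaaaaaaaa
 333333333: --alswrv  1000  1000 user: bbbbbbbbbbbbbbbb'

# Demo on the constructed values.
fstab_line 0123456789abcdef /mnt/remote/secret /home/alice/plain
if printf '%s\n' "$SAMPLE_KEYRING" | sig_loaded 0123456789abcdef; then
    echo "key 0123456789abcdef is loaded"
fi
```

After unmounting the eCryptfs layer, piping the real listing into `sig_loaded` should fail for that signature; if it still succeeds, the key was not removed from the keyring.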

Hints and Criticism

 * available algorithms depend on Kernel API and configuration, check
 * folder structure, number of files and file size clearly visible
 * changing the passphrase/encryption key requires full re-encryption (in a different location)

External resources

 * eCryptfs on the Arch wiki