User:Maffblaster/Drafts/eCryptfs

From Gentoo Wiki
Jump to: navigation, search

eCryptfs is an enterprise cryptographic filesystem for Linux. It is developed by Ubuntu maintainers and therefore cannot be trusted...

Just joking, it is most likely safe to use.

Installation

Kernel

In order to eCryptfs to work, only a single kernel option is necessary, although setting both of the options below will not hurt:

KERNEL Enable kernel support for eCryptfs
File systems  --->
   -*- Miscellaneous filesystems  --->
      <*>   eCrypt filesystem layer support
      [*]     Enable notifications for userspace key wrap/unwrap

USE flags

After setting the kernel options, the user space tools will need to be installed. First check the the optional USE flags:

USE flags for sys-fs/ecryptfs-utils eCryptfs userspace utilities

doc Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
gpg Enable app-crypt/gnupg key module
gtk Add support for x11-libs/gtk+ (The GIMP Toolkit)
nls Add Native Language Support (using gettextGNU locale utilities)
openssl Enable dev-libs/openssl key module
pam Add support for PAM (Pluggable Authentication Modules)DANGEROUS to arbitrarily flip
pkcs11 Enable PKCS#11 (Smartcards) key module
suid Enable setuid root program, with potential security risks
tpm Enable support for Trusted Platform Module (TPM) using app-crypt/trousers

Emerge

When USE flags have been set as desired, ask Portage to install the package:

root #emerge --ask sys-fs/ecryptfs-utils

Configuration

Environment variables

Files

  • /etc/global_file_example - Global (system wide) configuration file.
  • ~/.local_file_example - Local (per user) configuration file.

Usage

Invocation

user $example

Creation

Mounting

Removal

Unmerge

root #emerge --ask --depclean --verbose sys-fs/ecryptfs-utils

See also

  • VeraCrypt - A maintained fork of Truecrypt: on-the-fly disk encryption software.

External resources

References