In this guide, you will learn how to automate the eCryptfs mounting procedure. In our previous article, we learnt how to encrypt files and directories on Ubuntu 18.04 using eCryptfs. Decrypting the directories by hand every time is a bit old school, so here we bring you the easiest ways to decrypt an eCryptfs-encrypted directory.
Automating eCryptfs Mounting Procedure
We will discuss two ways of doing this:
- Using a bash script to automate the whole mount procedure.
- Using a USB drive holding a passphrase key file to automount the directory on boot.
Auto-mount eCryptfs encrypted directory using a bash script
The following is a bash script that I made for this task. Feel free to improve on it to best suit your needs.
vim mount_unmount_mydocs.sh
#!/bin/bash
secure_dir="$HOME/mydocuments"
key_file="$HOME/key.txt"
# Choose whether to mount or unmount your encrypted directory.
read -rp "Do you want to mount or unmount the directory?(mount/unmount): " choice
if [[ "$choice" == "mount" ]]; then
    # Prompt the user to enter the passphrase.
    read -rsp "Enter the mount passphrase: " mountphrase
    echo
    # Remove the file containing the passphrase whenever the script exits,
    # including when the mount fails.
    trap 'rm -f "$key_file"' EXIT
    # Write the passphrase file so that only its owner can read it.
    (umask 077; printf 'passphrase_passwd=%s\n' "$mountphrase" > "$key_file")
    # Insert the authentication passphrase into the user session keyring
    # and extract the signature from the command's output.
    sig=$(printf "%s" "$mountphrase" | ecryptfs-add-passphrase - | cut -d" " -f6 | tr -d '[]')
    # Mount the directory and report the real outcome.
    if sudo mount -t ecryptfs -o key=passphrase:passphrase_passwd_file="$key_file",no_sig_cache,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_enable_filename=y,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y,ecryptfs_fnek_sig=${sig},ecryptfs_sig=${sig},ecryptfs_unlink_sigs "$secure_dir" "$secure_dir" &>/dev/null; then
        echo "Encrypted directory mounted successfully."
    else
        echo "Failed to mount $secure_dir." >&2
    fi
elif [[ "$choice" == "unmount" ]]; then
    if sudo umount "$secure_dir" 2>/dev/null; then
        echo "Encrypted directory unmounted successfully."
    else
        echo "$secure_dir: unmount failed (target may be busy or not mounted)."
    fi
fi
Set the executable permissions on the script.
chmod +x mount_unmount_mydocs.sh
Mount the encrypted directory using the script.
./mount_unmount_mydocs.sh
Do you want to mount or unmount the directory?(mount/unmount): mount
Enter the mount passphrase:
Encrypted directory mounted successfully.
Unmount the encrypted directory.
./mount_unmount_mydocs.sh
Do you want to mount or unmount the directory?(mount/unmount): unmount
Encrypted directory unmounted successfully.
You can create an alias for the script.
echo "alias mount_unmount_mydocs='$HOME/mount_unmount_mydocs.sh'" >> ~/.bash_aliases
source ~/.bash_aliases
Auto-mount eCryptfs encrypted directory using a USB key
This example will use a /root/.ecryptfsrc file containing mount options, along with a passphrase file residing on a USB key.
Create a mount point for mounting the USB drive.
mkdir -p /media/$USER/usb
Mount the USB drive.
mount /dev/sdb1 /media/$USER/usb
Create a passphrase file in the USB mount directory.
vim /media/$USER/usb/key.txt
Substitute with your passphrase:
passphrase_passwd=[secrets]
Extract a signature ID from the /root/.ecryptfs/sig-cache.txt file.
cat /root/.ecryptfs/sig-cache.txt
96b6fac91e0a01b8
Create /root/.ecryptfsrc file containing the mount information:
vim /root/.ecryptfsrc
key=passphrase:passphrase_passwd_file=/media/username/usb/key.txt
ecryptfs_sig=96b6fac91e0a01b8
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n
Add the mount options to the fstab file.
Replace the $USER value accordingly!
/dev/sdb1 /media/$USER/usb ext3 ro 0 0
/home/$USER/mydocuments /home/$USER/mydocuments ecryptfs defaults 0 0
Note that the USB drive holding the passphrase has to be mounted before the encrypted directory can be mounted.
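As an added example (not part of the original guide), the shell function below checks the ordering requirement just described: it reads the passphrase file path from a .ecryptfsrc-style file and confirms that the fstab entry mounting that file's filesystem is listed before the ecryptfs entry. The function name, the sample files and the user name alice are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original guide.
# check_usb_key_setup RCFILE FSTAB exits with:
#   0 ok; 1 RCFILE names no passphrase file; 2 no fstab entry mounts the
#   filesystem holding that file; 3 the ecryptfs entry is listed before
#   that entry; 4 FSTAB has no ecryptfs entry.
check_usb_key_setup() (
    rc=$1 fstab=$2
    # Path given after passphrase_passwd_file= on the key= line.
    keyfile=$(sed -n 's/^key=passphrase:passphrase_passwd_file=//p' "$rc" | head -n 1)
    if [ -z "$keyfile" ]; then
        echo "no passphrase_passwd_file in $rc"
        exit 1
    fi
    awk -v key="$keyfile" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { n++ }
        $3 == "ecryptfs" && !ecr { ecr = n }     # first ecryptfs entry
        # first entry whose mount point is a parent directory of the key file
        $3 != "ecryptfs" && $2 != "/" && index(key, $2 "/") == 1 && !usb { usb = n }
        END {
            if (!usb) { print "nothing in fstab mounts the filesystem holding " key; exit 2 }
            if (!ecr) { print "no ecryptfs entry in fstab"; exit 4 }
            if (ecr < usb) { print "ecryptfs entry is listed before the key filesystem"; exit 3 }
            print "ok: key filesystem (entry " usb ") precedes ecryptfs (entry " ecr ")"
        }' "$fstab"
)

# Constructed sample files mirroring the layout used in this guide.
sample_dir=$(mktemp -d)
cat > "$sample_dir/ecryptfsrc" <<'EOF'
key=passphrase:passphrase_passwd_file=/media/alice/usb/key.txt
ecryptfs_sig=96b6fac91e0a01b8
EOF
cat > "$sample_dir/fstab.good" <<'EOF'
# <device> <mount point> <type> <options> <dump> <pass>
/dev/sdb1 /media/alice/usb ext3 ro 0 0
/home/alice/mydocuments /home/alice/mydocuments ecryptfs defaults 0 0
EOF
cat > "$sample_dir/fstab.bad" <<'EOF'
/home/alice/mydocuments /home/alice/mydocuments ecryptfs defaults 0 0
/dev/sdb1 /media/alice/usb ext3 ro 0 0
EOF
check_usb_key_setup "$sample_dir/ecryptfsrc" "$sample_dir/fstab.good"
check_usb_key_setup "$sample_dir/ecryptfsrc" "$sample_dir/fstab.bad" || echo "status $?"
```

On a real system, call it as root with /root/.ecryptfsrc and /etc/fstab as the two arguments.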
That concludes our guide on how to automate eCryptfs mounting procedure.
Just want to say, thanks for this!